From 7a0fcb6187b4b19d0dfd7336c9e3e81fc45984e1 Mon Sep 17 00:00:00 2001 From: Stian Thorgersen Date: Fri, 7 Mar 2025 12:15:56 +0100 Subject: [PATCH] Refactor logout methods and move to AbstractOAuthClient (#37882) Closes #37881 
Signed-off-by: stianst --- .../test/examples/OAuthClientTest.java | 16 ++ .../util/oauth/AbstractOAuthClient.java | 25 +++- .../util/oauth/AbstractUrlBuilder.java | 19 ++- .../util/oauth/BackchannelLogoutRequest.java | 31 ++++ .../util/oauth/BackchannelLogoutResponse.java | 0 .../testsuite/util/oauth/Endpoints.java | 6 +- .../testsuite/util/oauth/LoginUrlBuilder.java | 18 +-- .../testsuite/util/oauth/LogoutRequest.java | 31 ++++ .../testsuite/util/oauth/LogoutResponse.java | 0 .../util/oauth/LogoutUrlBuilder.java | 61 ++++---- .../org/keycloak/testsuite/pages/AppPage.java | 2 +- .../testsuite/util/oauth/OAuthClient.java | 64 -------- .../account/SessionRestServiceTest.java | 10 +- .../AppInitiatedActionResetPasswordTest.java | 2 +- .../AppInitiatedActionTotpSetupTest.java | 10 +- .../RequiredActionResetPasswordTest.java | 2 +- .../actions/RequiredActionTotpSetupTest.java | 10 +- .../admin/AdminConsoleWhoAmILocaleTest.java | 18 +-- .../broker/AbstractBaseBrokerTest.java | 12 +- .../broker/KcOidcBrokerTokenExchangeTest.java | 5 +- .../broker/KcSamlSignedBrokerTest.java | 7 +- .../keycloak/testsuite/client/CIBATest.java | 4 +- .../client/ClientSecretRotationTest.java | 12 +- .../OAuth2_1ConfidentialClientTest.java | 2 +- .../client/OAuth2_1PublicClientTest.java | 6 +- .../policies/AbstractClientPoliciesTest.java | 18 +-- .../policies/ClientPoliciesExecutorTest.java | 12 +- .../client/policies/ClientPoliciesTest.java | 4 +- ...ecureRedirectUrisEnforcerExecutorTest.java | 2 +- .../cluster/AbstractFailoverClusterTest.java | 3 +- .../testsuite/crossdc/LoginCrossDCTest.java | 2 +- .../AbstractKerberosSingleRealmTest.java | 2 +- .../kerberos/AbstractKerberosTest.java | 2 - .../KerberosLdapCrossRealmTrustTest.java | 12 +- ...KerberosStandaloneCrossRealmTrustTest.java | 5 +- .../ldap/LDAPMultipleAttributesTest.java | 4 +- .../ldap/LDAPProvidersIntegrationTest.java | 3 +- .../storage/BrokenUserStorageTest.java | 3 +- .../storage/UserStorageFailureTest.java | 2 +- 
.../forms/MultipleTabsLoginTest.java | 2 +- .../RPInitiatedFrontChannelLogoutTest.java | 17 +-- .../testsuite/forms/ReAuthenticationTest.java | 2 +- .../testsuite/forms/RegisterTest.java | 6 +- .../ResetCredentialsAlternativeFlowsTest.java | 10 +- .../testsuite/forms/ResetPasswordTest.java | 9 +- .../org/keycloak/testsuite/forms/SSOTest.java | 6 +- .../AbstractClientAuthSignedJWTTest.java | 4 +- .../testsuite/oauth/AccessTokenTest.java | 2 +- .../oauth/AuthorizationCodeTest.java | 22 +-- .../keycloak/testsuite/oauth/DPoPTest.java | 34 ++--- .../testsuite/oauth/LogoutCorsTest.java | 8 +- .../keycloak/testsuite/oauth/LogoutTest.java | 18 +-- .../testsuite/oauth/OAuthGrantTest.java | 5 +- .../testsuite/oauth/OAuthRedirectUriTest.java | 2 +- .../oauth/OAuthScopeInTokenResponseTest.java | 21 ++- .../oauth/OIDCProtocolMappersTest.java | 10 +- .../testsuite/oauth/OfflineTokenTest.java | 6 +- .../oauth/RPInitiatedLogoutTest.java | 138 +++++++----------- .../testsuite/oauth/RefreshTokenTest.java | 2 +- ...urceOwnerPasswordCredentialsGrantTest.java | 2 +- .../testsuite/oauth/ServiceAccountTest.java | 4 +- .../oauth/TokenEndpointCorsTest.java | 3 +- .../oauth/TokenIntrospectionTest.java | 4 +- .../testsuite/oauth/TokenRevocationTest.java | 2 +- .../keycloak/testsuite/oauth/hok/HoKTest.java | 4 +- .../keycloak/testsuite/oauth/par/ParTest.java | 12 +- ...SubjectImpersonationTokenExchangeTest.java | 3 +- .../StandardTokenExchangeV1Test.java | 5 +- .../testsuite/oidc/AcrAuthFlowTest.java | 2 +- .../AuthenticationMethodReferenceTest.java | 2 +- .../oidc/LightWeightAccessTokenTest.java | 6 +- .../oidc/OIDCAdvancedRequestParamsTest.java | 8 +- .../testsuite/oidc/OIDCDynamicScopeTest.java | 2 +- .../testsuite/oidc/OIDCScopeTest.java | 8 +- .../keycloak/testsuite/oidc/UserInfoTest.java | 2 +- .../testsuite/util/TestAppHelper.java | 2 +- .../webauthn/AbstractWebAuthnVirtualTest.java | 3 +- 77 files changed, 402 insertions(+), 443 deletions(-) create mode 100644 
tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/BackchannelLogoutRequest.java rename {testsuite/integration-arquillian/tests/base => tests/utils-shared}/src/main/java/org/keycloak/testsuite/util/oauth/BackchannelLogoutResponse.java (100%) create mode 100644 tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/LogoutRequest.java rename {testsuite/integration-arquillian/tests/base => tests/utils-shared}/src/main/java/org/keycloak/testsuite/util/oauth/LogoutResponse.java (100%) diff --git a/test-framework/examples/tests/src/test/java/org/keycloak/test/examples/OAuthClientTest.java b/test-framework/examples/tests/src/test/java/org/keycloak/test/examples/OAuthClientTest.java index 2b1d2b9b779..6ced5ae329d 100644 --- a/test-framework/examples/tests/src/test/java/org/keycloak/test/examples/OAuthClientTest.java +++ b/test-framework/examples/tests/src/test/java/org/keycloak/test/examples/OAuthClientTest.java @@ -13,6 +13,8 @@ import org.keycloak.testframework.realm.ManagedRealm; import org.keycloak.testframework.realm.ManagedUser; import org.keycloak.testframework.realm.UserConfig; import org.keycloak.testframework.realm.UserConfigBuilder; +import org.keycloak.testframework.ui.annotations.InjectPage; +import org.keycloak.testframework.ui.page.LoginPage; import org.keycloak.testsuite.util.oauth.AccessTokenResponse; import org.keycloak.testsuite.util.oauth.AuthorizationEndpointResponse; import org.keycloak.testsuite.util.oauth.IntrospectionResponse; @@ -33,6 +35,9 @@ public class OAuthClientTest { @InjectUser(config = OAuthUserConfig.class) ManagedUser user; + @InjectPage + LoginPage loginPage; + @Test public void testConfig() { Assertions.assertEquals(managedRealm.getName(), oauth.config().getRealm()); 
@@ -43,6 +48,8 @@ public class OAuthClientTest { public void testLogin() { AuthorizationEndpointResponse response = oauth.doLogin(user.getUsername(), user.getPassword()); Assertions.assertTrue(response.isRedirected()); + + oauth.logoutForm().idTokenHint(oauth.doAccessTokenRequest(response.getCode()).getIdToken()).open(); } @Test @@ -121,6 +128,15 @@ public class OAuthClientTest { Assertions.assertEquals(user.getUsername(), accessToken.getPreferredUsername()); } + @Test + public void testLogout() { + AuthorizationEndpointResponse authzResponse = oauth.doLogin(user.getUsername(), user.getPassword()); + AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(authzResponse.getCode()); + oauth.logoutForm().idTokenHint(accessTokenResponse.getIdToken()).open(); + oauth.loginForm().open(); + Assertions.assertTrue(loginPage.isActivePage()); + } + public static class OAuthUserConfig implements UserConfig { @Override diff --git a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/AbstractOAuthClient.java b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/AbstractOAuthClient.java index 1c7671d25cf..d9651bc0552 100644 --- a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/AbstractOAuthClient.java +++ b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/AbstractOAuthClient.java @@ -33,7 +33,6 @@ public abstract class AbstractOAuthClient { protected String prompt; protected StateParamProvider state; protected String nonce; - protected String idTokenHint; private final KeyManager keyManager = new KeyManager(this); private final TokensManager tokensManager = new TokensManager(keyManager); 
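Review bot: The cleanup line added at the end of `testLogin` passes `oauth.doAccessTokenRequest(response.getCode()).getIdToken()` to `idTokenHint(...)` without checking that the code exchange succeeded. The reworked `AbstractUrlBuilder.build()` in this commit filters out null values, so a failed exchange would open the logout URL with no `id_token_hint` and the test would still pass; whether the session is then actually ended depends on server behaviour not shown here. Keep the token response in a local and add `Assertions.assertNotNull(tokenResponse.getIdToken());` before the logout call. `testLogout` in the next hunk has the same gap with `accessTokenResponse`.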
@@ -116,6 +115,30 @@ public abstract class AbstractOAuthClient { return refreshRequest(refreshToken).send(); } + public LogoutUrlBuilder logoutForm() { + return new LogoutUrlBuilder(this); + } + + public void openLogoutForm() { + logoutForm().open(); + } + + public LogoutRequest logoutRequest(String refreshToken) { + return new LogoutRequest(refreshToken, this); + } + + public LogoutResponse doLogout(String refreshToken) { + return logoutRequest(refreshToken).send(); + } + + public BackchannelLogoutRequest backchannelLogoutRequest(String logoutToken) { + return new BackchannelLogoutRequest(logoutToken, this); + } + + public BackchannelLogoutResponse doBackchannelLogout(String logoutToken) { + return backchannelLogoutRequest(logoutToken).send(); + } + public OpenIDProviderConfigurationRequest wellknownRequest() { return new OpenIDProviderConfigurationRequest(this); } diff --git a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/AbstractUrlBuilder.java b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/AbstractUrlBuilder.java index d46a72ee78e..61210518b67 100644 --- a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/AbstractUrlBuilder.java +++ b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/AbstractUrlBuilder.java @@ -2,13 +2,17 @@ package org.keycloak.testsuite.util.oauth; import jakarta.ws.rs.core.UriBuilder; +import java.util.HashMap; +import java.util.Map; + public abstract class AbstractUrlBuilder { protected final AbstractOAuthClient client; - protected UriBuilder uriBuilder; + protected Map params = new HashMap<>(); public AbstractUrlBuilder(AbstractOAuthClient client) { this.client = client; + initRequest(); } public abstract String getEndpoint(); 
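Review bot: The new `doLogout(String refreshToken)` and `doBackchannelLogout(String logoutToken)` have no Javadoc saying where client authentication comes from now that the `clientSecret` argument of the removed `OAuthClient.doLogout(refreshToken, clientSecret)` is gone. The removed method chose between a Basic `Authorization` header and a `client_id` form parameter and added `Origin`; `LogoutRequest.initRequest()` only sets `refresh_token`, so that behaviour presumably lives in `AbstractHttpPostRequest`, which this diff does not show. Once that is confirmed, add a short Javadoc to each method stating which credentials and headers the request carries. `openLogoutForm()` should also say that it opens the logout endpoint with no `id_token_hint` or redirect, unlike the removed `openLogout()`.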
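Review bot: `params` in `AbstractUrlBuilder` is a `HashMap`, so `build()` now emits query parameters in hash order rather than the order the builder methods were called, which makes generated login and logout URLs harder to compare in assertions and logs; `new LinkedHashMap<>()` (with the `java.util.LinkedHashMap` import) keeps insertion order. The constructor also now calls the overridable `initRequest()`, so defaults are read from the client when the builder is created rather than when `build()` runs, and a subclass's own fields are not yet assigned at that point. A comment on the constructor, for example `// initRequest() runs before subclass fields are set; it may only read from client`, would make that constraint visible. The class body continues outside this hunk.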
@@ -20,21 +24,16 @@ public abstract class AbstractUrlBuilder { } protected void parameter(String name, String value) { - if (value != null) { - uriBuilder.queryParam(name, value); - } + params.put(name, value); } protected void replaceParameter(String name, String value) { - if (value != null) { - uriBuilder.replaceQueryParam(name, value); - } + params.put(name, value); } public String build() { - uriBuilder = UriBuilder.fromUri(getEndpoint()); - initRequest(); - + UriBuilder uriBuilder = UriBuilder.fromUri(getEndpoint()); + params.entrySet().stream().filter(e -> e.getValue() != null).forEach(e -> uriBuilder.queryParam(e.getKey(), e.getValue())); return uriBuilder.build().toString(); } diff --git a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/BackchannelLogoutRequest.java b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/BackchannelLogoutRequest.java new file mode 100644 index 00000000000..652e0db85d0 --- /dev/null +++ b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/BackchannelLogoutRequest.java @@ -0,0 +1,31 @@ +package org.keycloak.testsuite.util.oauth; + +import org.apache.http.client.methods.CloseableHttpResponse; +import org.keycloak.OAuth2Constants; + +import java.io.IOException; + +public class BackchannelLogoutRequest extends AbstractHttpPostRequest { + + private final String logoutToken; + + BackchannelLogoutRequest(String logoutToken, AbstractOAuthClient client) { + super(client); + this.logoutToken = logoutToken; + } + + @Override + protected String getEndpoint() { + return client.getEndpoints().getBackChannelLogout(); + } + + protected void initRequest() { + parameter(OAuth2Constants.LOGOUT_TOKEN, logoutToken); + } + + @Override + protected BackchannelLogoutResponse toResponse(CloseableHttpResponse response) throws IOException { + return new BackchannelLogoutResponse(response); + } + +} 
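Review bot: `parameter` and `replaceParameter` are now the same `params.put(name, value)`, which changes two behaviours that callers may rely on. `parameter` used to append through `uriBuilder.queryParam`, so a repeated name produced two values, and both methods used to ignore a null value; now the last write wins and a null clears an earlier value because `build()` filters nulls. `LoginUrlBuilder.initRequest()` still calls `client.getCustomParameters().forEach(this::parameter)`, so a custom parameter that shares a name with a default silently replaces it, and a request with a duplicated parameter can no longer be built for negative tests. Either drop one of the two methods or document the contract, e.g. `// Overwrites any earlier value; a null value removes the parameter from the built URL.`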
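Review bot: `initRequest()` in the new `BackchannelLogoutRequest` is missing `@Override` although `getEndpoint()` and `toResponse()` carry it; assuming it implements a hook in `AbstractHttpPostRequest` (not shown), add `@Override` so a signature change in the base class fails compilation instead of silently skipping the `logout_token` parameter. `LogoutRequest` further down has the same omission. Separately, the removed `OAuthClient.doBackchannelLogout` posted only `logout_token` with no client credentials or `Origin` header; if the base class attaches client authentication to every POST, these tests would no longer exercise the endpoint the way an identity provider calls it, so that is worth confirming.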
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/oauth/BackchannelLogoutResponse.java b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/BackchannelLogoutResponse.java similarity index 100% rename from testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/oauth/BackchannelLogoutResponse.java rename to tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/BackchannelLogoutResponse.java diff --git a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/Endpoints.java b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/Endpoints.java index 3cae06ce2ec..d4456ee71d0 100644 --- a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/Endpoints.java +++ b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/Endpoints.java @@ -58,11 +58,7 @@ public class Endpoints { } public String getLogout() { - return getLogoutBuilder().build(); - } - - public LogoutUrlBuilder getLogoutBuilder() { - return new LogoutUrlBuilder(this); + return asString(OIDCLoginProtocolService.logoutUrl(getBase())); } public String getBackChannelLogout() { diff --git a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/LoginUrlBuilder.java b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/LoginUrlBuilder.java index 73dd8ac3891..6fd8c7dda8b 100644 --- a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/LoginUrlBuilder.java +++ b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/LoginUrlBuilder.java @@ -4,13 +4,8 @@ import org.keycloak.OAuth2Constants; import org.keycloak.models.Constants; import org.keycloak.protocol.oidc.OIDCLoginProtocol; -import java.util.HashMap; -import java.util.Map; - public class LoginUrlBuilder extends AbstractUrlBuilder { - private Map customParameters; - public LoginUrlBuilder(AbstractOAuthClient client) { super(client); } 
@@ -21,20 +16,17 @@ public class LoginUrlBuilder extends AbstractUrlBuilder { } public LoginUrlBuilder param(String name, String value) { - if (customParameters == null) { - customParameters = new HashMap<>(); - } - customParameters.put(name, value); + replaceParameter(name, value); return this; } public LoginUrlBuilder prompt(String value) { - param(OIDCLoginProtocol.PROMPT_PARAM, value); + replaceParameter(OIDCLoginProtocol.PROMPT_PARAM, value); return this; } public LoginUrlBuilder loginHint(String value) { - param(OIDCLoginProtocol.LOGIN_HINT_PARAM, value); + replaceParameter(OIDCLoginProtocol.LOGIN_HINT_PARAM, value); return this; } @@ -66,10 +58,6 @@ public class LoginUrlBuilder extends AbstractUrlBuilder { if (client.getCustomParameters() != null) { client.getCustomParameters().forEach(this::parameter); } - - if (customParameters != null) { - customParameters.forEach(this::replaceParameter); - } } } diff --git a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/LogoutRequest.java b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/LogoutRequest.java new file mode 100644 index 00000000000..d41a7986822 --- /dev/null +++ b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/LogoutRequest.java 
@@ -0,0 +1,31 @@ +package org.keycloak.testsuite.util.oauth; + +import org.apache.http.client.methods.CloseableHttpResponse; +import org.keycloak.OAuth2Constants; + +import java.io.IOException; + +public class LogoutRequest extends AbstractHttpPostRequest { + + private final String refreshToken; + + LogoutRequest(String refreshToken, AbstractOAuthClient client) { + super(client); + this.refreshToken = refreshToken; + } + + @Override + protected String getEndpoint() { + return client.getEndpoints().getLogout(); + } + + protected void initRequest() { + parameter(OAuth2Constants.REFRESH_TOKEN, refreshToken); + } + + @Override + protected LogoutResponse toResponse(CloseableHttpResponse response) throws IOException { + return new LogoutResponse(response); + } + +} diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/oauth/LogoutResponse.java b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/LogoutResponse.java similarity index 100% rename from testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/oauth/LogoutResponse.java rename to tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/LogoutResponse.java diff --git a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/LogoutUrlBuilder.java b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/LogoutUrlBuilder.java index 4f0d24e46e3..ad696cc256b 100644 --- a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/LogoutUrlBuilder.java +++ b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/LogoutUrlBuilder.java 
@@ -1,70 +1,63 @@ package org.keycloak.testsuite.util.oauth; -import jakarta.ws.rs.core.UriBuilder; import org.keycloak.protocol.oidc.OIDCLoginProtocol; -import org.keycloak.protocol.oidc.OIDCLoginProtocolService; import org.keycloak.services.managers.AuthenticationManager; -public class LogoutUrlBuilder { +public class LogoutUrlBuilder extends AbstractUrlBuilder { - private final Endpoints endpoints; - - private String clientId; - private String idTokenHint; - private String redirectUri; - private String state; - private String uiLocales; - private String initiatingIdp; - - LogoutUrlBuilder(Endpoints endpoints) { - this.endpoints = endpoints; + LogoutUrlBuilder(AbstractOAuthClient client) { + super(client); } - public LogoutUrlBuilder clientId(String clientId) { - this.clientId = clientId; + @Override + public String getEndpoint() { + return client.getEndpoints().getLogout(); + } + + public LogoutUrlBuilder param(String name, String value) { + replaceParameter(name, value); return this; } public LogoutUrlBuilder idTokenHint(String idTokenHint) { - this.idTokenHint = idTokenHint; + replaceParameter(OIDCLoginProtocol.ID_TOKEN_HINT, idTokenHint); return this; } public LogoutUrlBuilder postLogoutRedirectUri(String redirectUri) { - this.redirectUri = redirectUri; + replaceParameter(OIDCLoginProtocol.POST_LOGOUT_REDIRECT_URI_PARAM, redirectUri); return this; } public LogoutUrlBuilder state(String state) { - this.state = state; + replaceParameter(OIDCLoginProtocol.STATE_PARAM, state); return this; } public LogoutUrlBuilder uiLocales(String uiLocales) { - this.uiLocales = uiLocales; + replaceParameter(OIDCLoginProtocol.UI_LOCALES_PARAM, uiLocales); return this; } public LogoutUrlBuilder initiatingIdp(String initiatingIdp) { - this.initiatingIdp = initiatingIdp; + replaceParameter(AuthenticationManager.INITIATING_IDP_PARAM, initiatingIdp); return this; } - public String build() { - UriBuilder b = OIDCLoginProtocolService.logoutUrl(endpoints.getBase()); - setNonNull(b, 
OIDCLoginProtocol.CLIENT_ID_PARAM, clientId); - setNonNull(b, OIDCLoginProtocol.ID_TOKEN_HINT, idTokenHint); - setNonNull(b, OIDCLoginProtocol.POST_LOGOUT_REDIRECT_URI_PARAM, redirectUri); - setNonNull(b, OIDCLoginProtocol.STATE_PARAM, state); - setNonNull(b, OIDCLoginProtocol.UI_LOCALES_PARAM, uiLocales); - setNonNull(b, AuthenticationManager.INITIATING_IDP_PARAM, initiatingIdp); - return endpoints.asString(b); + public LogoutUrlBuilder withClientId() { + parameter(OIDCLoginProtocol.CLIENT_ID_PARAM, client.config().getClientId()); + return this; } - private void setNonNull(UriBuilder b, String name, String value) { - if (value != null) { - b.queryParam(name, value); - } + public LogoutUrlBuilder withRedirect() { + postLogoutRedirectUri(client.config().getPostLogoutRedirectUri()); + return this; + } + + @Override + protected void initRequest() { +// parameter(OIDCLoginProtocol.POST_LOGOUT_REDIRECT_URI_PARAM, client.config().getPostLogoutRedirectUri()); +// parameter(OIDCLoginProtocol.ID_TOKEN_HINT, client.getIdTokenHint()); } } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AppPage.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AppPage.java index deaf70903eb..10b08594f1c 100755 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AppPage.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AppPage.java @@ -59,7 +59,7 @@ public class AppPage extends AbstractPage { } public void logout(String idTokenHint) { - oauth.idTokenHint(idTokenHint).openLogout(); + oauth.logoutForm().idTokenHint(idTokenHint).withRedirect().open(); } 
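Review bot: The new `initRequest()` override in `LogoutUrlBuilder` contains only two commented-out `parameter(...)` calls, and the second one refers to `client.getIdTokenHint()` although this commit removes the `idTokenHint` field from `AbstractOAuthClient`. Delete the dead lines and state the intent instead, e.g. `// No defaults: logout parameters are opt-in so each test controls exactly what is sent.` `withClientId()` calls `parameter(...)` while every other setter calls `replaceParameter(...)`; use one of them consistently. Removing `clientId(String)` also means a `client_id` other than the configured one can only be sent through `param(...)`, which deserves a line of Javadoc for tests that check a mismatched client.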
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/oauth/OAuthClient.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/oauth/OAuthClient.java index e70317929e9..4a641fa266c 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/oauth/OAuthClient.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/oauth/OAuthClient.java @@ -17,7 +17,6 @@ package org.keycloak.testsuite.util.oauth; -import jakarta.ws.rs.core.UriBuilder; import org.apache.http.NameValuePair; import org.apache.http.client.entity.UrlEncodedFormEntity; import org.apache.http.client.methods.CloseableHttpResponse; @@ -30,7 +29,6 @@ import org.keycloak.OAuth2Constants; import org.keycloak.models.Constants; import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.protocol.oidc.OIDCLoginProtocol; -import org.keycloak.protocol.oidc.OIDCLoginProtocolService; import org.keycloak.protocol.oidc.grants.ciba.channel.AuthenticationChannelResponse; import org.keycloak.representations.ClaimsRepresentation; import org.keycloak.testsuite.pages.LoginPage; 
@@ -203,52 +201,6 @@ public class OAuthClient extends AbstractOAuthClient { return new BackchannelAuthenticationTokenRequest(authReqId, this).client(clientId, clientSecret).send(); } - // TODO Extract into request class - public LogoutResponse doLogout(String refreshToken, String clientSecret) { - HttpPost post = new HttpPost(getEndpoints().getLogout()); - - List parameters = new LinkedList<>(); - if (refreshToken != null) { - parameters.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, refreshToken)); - } - if (config.getClientId() != null && clientSecret != null) { - String authorization = BasicAuthHelper.createHeader(config.getClientId(), clientSecret); - post.setHeader("Authorization", authorization); - } else if (config.getClientId() != null) { - parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, config.getClientId())); - } - if (config.getOrigin() != null) { - post.addHeader("Origin", config.getOrigin()); - } - - UrlEncodedFormEntity formEntity = new UrlEncodedFormEntity(parameters, StandardCharsets.UTF_8); - post.setEntity(formEntity); - - try { - return new LogoutResponse(httpClientManager.get().execute(post)); - } catch (IOException e) { - throw new RuntimeException(e); - } - } - - // TODO Extract into request class - public BackchannelLogoutResponse doBackchannelLogout(String logoutToken) { - HttpPost post = new HttpPost(getEndpoints().getBackChannelLogout()); - List parameters = new LinkedList<>(); - if (logoutToken != null) { - parameters.add(new BasicNameValuePair(OAuth2Constants.LOGOUT_TOKEN, logoutToken)); - } - - UrlEncodedFormEntity formEntity = new UrlEncodedFormEntity(parameters, StandardCharsets.UTF_8); - post.setEntity(formEntity); - - try { - return new BackchannelLogoutResponse(httpClientManager.get().execute(post)); - } catch (IOException e) { - throw new RuntimeException(e); - } - } - // TODO Extract into request class public DeviceAuthorizationResponse doDeviceAuthorizationRequest(String clientId, String clientSecret) 
throws Exception { HttpPost post = new HttpPost(getEndpoints().getDeviceAuthorization()); @@ -417,17 +369,6 @@ public class OAuthClient extends AbstractOAuthClient { return config.getScope(); } - public void openLogout() { - UriBuilder b = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(baseUrl)); - if (config.getPostLogoutRedirectUri() != null) { - b.queryParam(OAuth2Constants.POST_LOGOUT_REDIRECT_URI, config.getPostLogoutRedirectUri()); - } - if (idTokenHint != null) { - b.queryParam(OAuth2Constants.ID_TOKEN_HINT, idTokenHint); - } - driver.navigate().to(b.build(config.getRealm()).toString()); - } - public String getState() { return state.getState(); } @@ -461,11 +402,6 @@ public class OAuthClient extends AbstractOAuthClient { return this; } - public OAuthClient idTokenHint(String idTokenHint) { - this.idTokenHint = idTokenHint; - return this; - } - public OAuthClient kcAction(String kcAction) { this.kcAction = kcAction; return this; diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/SessionRestServiceTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/SessionRestServiceTest.java index dd23f8b1399..3ce4c96c093 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/SessionRestServiceTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/SessionRestServiceTest.java 
@@ -219,14 +219,14 @@ public class SessionRestServiceTest extends AbstractRestServiceTest { // first browser authenticates from Windows using Edge oauth.setDriver(firstBrowser); - oauth.idTokenHint(tokenResponse1.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse1.getIdToken()).open(); setBrowserHeader("User-Agent", "Mozilla/5.0 (Windows Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36 Edge/12.0"); tokenResponse1 = codeGrant("public-client-0"); // second browser authenticates from Windows using Firefox oauth.setDriver(secondBrowser); - oauth.idTokenHint(tokenResponse2.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse2.getIdToken()).open(); setBrowserHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Gecko/20100101 Firefox/15.0.1"); tokenResponse2 = codeGrant("public-client-0"); @@ -260,7 +260,7 @@ public class SessionRestServiceTest extends AbstractRestServiceTest { // third browser authenticates from Windows using a different Windows version oauth.setDriver(thirdBrowser); - oauth.idTokenHint(tokenResponse3.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse3.getIdToken()).open(); setBrowserHeader("User-Agent", "Mozilla/5.0 (Windows 7) AppleWebKit/537.36 (KHTML, like Gecko) Version/11.0 Safari/603.1.30"); setBrowserHeader("X-Forwarded-For", "192.168.10.3"); 
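Review bot: These call sites become `oauth.logoutForm().idTokenHint(...).open()` without `.withRedirect()`, while the other call sites migrated in this commit (for example `AppPage.logout` and the TOTP and reset-password tests) append it. The removed `openLogout()` always added `post_logout_redirect_uri` when `config.getPostLogoutRedirectUri()` was set, so the browser may now end on a different page after logout than before. If that is intended, a brief comment would help; otherwise use `oauth.logoutForm().idTokenHint(tokenResponse1.getIdToken()).withRedirect().open();`. The same applies to the hunks at `-260` and `-272` of this file.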
@@ -272,13 +272,13 @@ public class SessionRestServiceTest extends AbstractRestServiceTest { assertEquals(2, windowsDevices.size()); oauth.setDriver(firstBrowser); - oauth.idTokenHint(tokenResponse1.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse1.getIdToken()).open(); setBrowserHeader("User-Agent", "Mozilla/5.0 (iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3"); tokenResponse1 = codeGrant("public-client-0"); oauth.setDriver(secondBrowser); - oauth.idTokenHint(tokenResponse2.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse2.getIdToken()).open(); setBrowserHeader("User-Agent", "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0.1"); tokenResponse2 = codeGrant("public-client-0"); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/AppInitiatedActionResetPasswordTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/AppInitiatedActionResetPasswordTest.java index 3eb25ab5d54..c88ba5c7a30 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/AppInitiatedActionResetPasswordTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/AppInitiatedActionResetPasswordTest.java @@ -142,7 +142,7 @@ public class AppInitiatedActionResetPasswordTest extends AbstractAppInitiatedAct EventRepresentation loginEvent = events.expectLogin().assertEvent(); AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent); - oauth.idTokenHint(tokenResponse.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open(); events.expectLogout(loginEvent.getSessionId()).assertEvent(); 
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/AppInitiatedActionTotpSetupTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/AppInitiatedActionTotpSetupTest.java index 697564a94ad..a5297f517be 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/AppInitiatedActionTotpSetupTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/AppInitiatedActionTotpSetupTest.java @@ -368,7 +368,7 @@ public class AppInitiatedActionTotpSetupTest extends AbstractAppInitiatedActionT EventRepresentation loginEvent = events.expectLogin().session(authSessionId2).assertEvent(); AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent); - oauth.idTokenHint(tokenResponse.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open(); events.expectLogout(authSessionId2).assertEvent(); @@ -416,7 +416,7 @@ public class AppInitiatedActionTotpSetupTest extends AbstractAppInitiatedActionT // Logout AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent); - oauth.idTokenHint(tokenResponse.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open(); events.expectLogout(loginEvent.getSessionId()).user(userId).assertEvent(); // Try to login after logout @@ -482,7 +482,7 @@ public class AppInitiatedActionTotpSetupTest extends AbstractAppInitiatedActionT EventRepresentation loginEvent = events.expectLogin().session(sessionId2).assertEvent(); AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent); - oauth.idTokenHint(tokenResponse.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open(); events.expectLogout(loginEvent.getSessionId()).assertEvent(); 
@@ -541,7 +541,7 @@ public class AppInitiatedActionTotpSetupTest extends AbstractAppInitiatedActionT EventRepresentation loginEvent = events.expectLogin().session(sessionId1).assertEvent(); AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent); - oauth.idTokenHint(tokenResponse.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open(); events.expectLogout(loginEvent.getSessionId()).assertEvent(); @@ -555,7 +555,7 @@ public class AppInitiatedActionTotpSetupTest extends AbstractAppInitiatedActionT loginEvent = events.expectLogin().assertEvent(); tokenResponse = sendTokenRequestAndGetResponse(loginEvent); - oauth.idTokenHint(tokenResponse.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open(); events.expectLogout(null).session(AssertEvents.isUUID()).assertEvent(); // test lookAheadWindow diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionResetPasswordTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionResetPasswordTest.java index 29ba2839352..c58325bdb52 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionResetPasswordTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionResetPasswordTest.java @@ -116,7 +116,7 @@ public class RequiredActionResetPasswordTest extends AbstractTestRealmKeycloakTe EventRepresentation loginEvent = events.expectLogin().assertEvent(); AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent); - oauth.idTokenHint(tokenResponse.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open(); events.expectLogout(loginEvent.getSessionId()).assertEvent(); 
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java index c3f555570b3..e51afa2fa38 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java @@ -405,7 +405,7 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest { EventRepresentation loginEvent = events.expectLogin().session(authSessionId1).assertEvent(); AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent); - oauth.idTokenHint(tokenResponse.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open(); events.expectLogout(authSessionId1).assertEvent(); @@ -478,7 +478,7 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest { // Logout AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent); - oauth.idTokenHint(tokenResponse.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open(); events.expectLogout(loginEvent.getSessionId()).user(userId).assertEvent(); setOtpTimeOffset(TimeBasedOTP.DEFAULT_INTERVAL_SECONDS, totp); @@ -566,7 +566,7 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest { EventRepresentation loginEvent = events.expectLogin().session(sessionId1).assertEvent(); AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent); - oauth.idTokenHint(tokenResponse.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open(); events.expectLogout(loginEvent.getSessionId()).assertEvent(); 
@@ -626,7 +626,7 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest { EventRepresentation loginEvent = events.expectLogin().session(sessionId1).assertEvent(); AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent); - oauth.idTokenHint(tokenResponse.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open(); events.expectLogout(loginEvent.getSessionId()).assertEvent(); @@ -641,7 +641,7 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest { loginEvent = events.expectLogin().assertEvent(); tokenResponse = sendTokenRequestAndGetResponse(loginEvent); - oauth.idTokenHint(tokenResponse.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open(); events.expectLogout(null).session(AssertEvents.isUUID()).assertEvent(); // test lookAheadWindow diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AdminConsoleWhoAmILocaleTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AdminConsoleWhoAmILocaleTest.java index 5b54e989b15..dd79ef2dc84 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AdminConsoleWhoAmILocaleTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AdminConsoleWhoAmILocaleTest.java @@ -137,7 +137,7 @@ public class AdminConsoleWhoAmILocaleTest extends AbstractKeycloakTest { Assert.assertEquals(REALM_I18N_OFF, whoAmI.get("realm").asText()); Assert.assertEquals(DEFAULT_LOCALE, whoAmI.get("locale").asText()); checkRealmAccess(REALM_I18N_OFF, whoAmI); - oauth.doLogout(response.getRefreshToken(), null); + oauth.doLogout(response.getRefreshToken()); } @Test 
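Review bot: In AdminConsoleWhoAmILocaleTest (the hunk at -137 and the eight that follow in this file), the result of `oauth.doLogout(response.getRefreshToken())` is discarded, so a rejected logout would not fail any of these tests. The old call passed an explicit `null` secret, while the new one takes client authentication from whatever is configured on `oauth`, which these hunks do not show, so the request may now differ from before without anyone noticing. I would assert the outcome, e.g. `Assert.assertTrue(oauth.doLogout(response.getRefreshToken()).isSuccess());`. Each enclosing test method starts outside its hunk.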
@@ -151,7 +151,7 @@ public class AdminConsoleWhoAmILocaleTest extends AbstractKeycloakTest { Assert.assertEquals(REALM_I18N_OFF, whoAmI.get("realm").asText()); Assert.assertEquals(DEFAULT_LOCALE, whoAmI.get("locale").asText()); checkRealmAccess(REALM_I18N_OFF, whoAmI); - oauth.doLogout(response.getRefreshToken(), null); + oauth.doLogout(response.getRefreshToken()); } @Test @@ -165,7 +165,7 @@ public class AdminConsoleWhoAmILocaleTest extends AbstractKeycloakTest { Assert.assertEquals(REALM_I18N_ON, whoAmI.get("realm").asText()); Assert.assertEquals(REALM_LOCALE, whoAmI.get("locale").asText()); checkRealmAccess(REALM_I18N_ON, whoAmI); - oauth.doLogout(response.getRefreshToken(), null); + oauth.doLogout(response.getRefreshToken()); } @Test @@ -179,7 +179,7 @@ public class AdminConsoleWhoAmILocaleTest extends AbstractKeycloakTest { Assert.assertEquals(REALM_I18N_ON, whoAmI.get("realm").asText()); Assert.assertEquals(USER_LOCALE, whoAmI.get("locale").asText()); checkRealmAccess(REALM_I18N_ON, whoAmI); - oauth.doLogout(response.getRefreshToken(), null); + oauth.doLogout(response.getRefreshToken()); } @Test @@ -194,7 +194,7 @@ public class AdminConsoleWhoAmILocaleTest extends AbstractKeycloakTest { Assert.assertEquals(REALM_I18N_ON, whoAmI.get("realm").asText()); Assert.assertEquals(EXTRA_LOCALE, whoAmI.get("locale").asText()); checkRealmAccess(REALM_I18N_ON, whoAmI); - oauth.doLogout(response.getRefreshToken(), null); + oauth.doLogout(response.getRefreshToken()); } @Test @@ -209,7 +209,7 @@ public class AdminConsoleWhoAmILocaleTest extends AbstractKeycloakTest { Assert.assertEquals(REALM_I18N_ON, whoAmI.get("realm").asText()); Assert.assertEquals(EXTRA_LOCALE, whoAmI.get("locale").asText()); checkRealmAccess(REALM_I18N_ON, whoAmI); - oauth.doLogout(response.getRefreshToken(), null); + oauth.doLogout(response.getRefreshToken()); } @Test 
@@ -223,7 +223,7 @@ public class AdminConsoleWhoAmILocaleTest extends AbstractKeycloakTest { Assert.assertEquals(AuthRealm.MASTER, whoAmI.get("realm").asText()); Assert.assertEquals(DEFAULT_LOCALE, whoAmI.get("locale").asText()); checkRealmAccess(AuthRealm.MASTER, whoAmI); - oauth.doLogout(response.getRefreshToken(), null); + oauth.doLogout(response.getRefreshToken()); } @Test @@ -237,7 +237,7 @@ public class AdminConsoleWhoAmILocaleTest extends AbstractKeycloakTest { Assert.assertEquals(AuthRealm.MASTER, whoAmI.get("realm").asText()); Assert.assertEquals(DEFAULT_LOCALE, whoAmI.get("locale").asText()); checkRealmAccess(REALM_I18N_ON, whoAmI); - oauth.doLogout(response.getRefreshToken(), null); + oauth.doLogout(response.getRefreshToken()); } @Test @@ -260,7 +260,7 @@ public class AdminConsoleWhoAmILocaleTest extends AbstractKeycloakTest { .asResponse()) { Assert.assertEquals(Response.Status.FORBIDDEN.getStatusCode(), res.getStatus()); } - oauth.doLogout(response.getRefreshToken(), null); + oauth.doLogout(response.getRefreshToken()); } @Test diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBaseBrokerTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBaseBrokerTest.java index edbc254b0ac..48d3ef4dde0 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBaseBrokerTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBaseBrokerTest.java @@ -59,7 +59,6 @@ import org.keycloak.testsuite.util.oauth.OAuthClient; import org.keycloak.testsuite.util.userprofile.UserProfileUtil; import org.openqa.selenium.By; import org.openqa.selenium.TimeoutException; -import org.openqa.selenium.support.PageFactory; import java.net.URI; import java.util.Collections; 
@@ -354,18 +353,19 @@ public abstract class AbstractBaseBrokerTest extends AbstractKeycloakTest { oauth.init(); } - final LogoutUrlBuilder builder = oauth.realm(realm).getEndpoints() - .getLogoutBuilder() + final LogoutUrlBuilder builder = oauth.realm(realm).logoutForm() .idTokenHint(idTokenHint) - .clientId(clientId) .initiatingIdp(initiatingIdp); + if (clientId != null) { + builder.withClientId(); + } + if (redirectUri != null && (clientId != null || idTokenHint != null)) { builder.postLogoutRedirectUri(encodeUrl(redirectUri)); } - String logoutUrl = builder.build(); - driver.navigate().to(logoutUrl); + builder.open(); } finally { if (isDifferentContext) { OAuthClient.updateURLs(getAuthServerContextRoot()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerTokenExchangeTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerTokenExchangeTest.java index f93ae695966..a8029b3fb9e 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerTokenExchangeTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerTokenExchangeTest.java @@ -180,9 +180,8 @@ public abstract class KcOidcBrokerTokenExchangeTest extends AbstractInitializedB assertThat(tokenResponse.getIdToken(), notNullValue()); String idTokenString = tokenResponse.getIdToken(); oauth.realm(bc.providerRealmName()); - String logoutUrl = oauth.getEndpoints().getLogoutBuilder().idTokenHint(idTokenString) - .postLogoutRedirectUri(oauth.APP_AUTH_ROOT).build(); - driver.navigate().to(logoutUrl); + oauth.logoutForm().idTokenHint(idTokenString) + .postLogoutRedirectUri(oauth.APP_AUTH_ROOT).open(); String logoutToken = testingClient.testApp().getBackChannelRawLogoutToken(); Assert.assertNotNull(logoutToken); 
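Review bot: In AbstractBaseBrokerTest at -354, the `clientId` argument no longer reaches the logout URL: it is only null-checked, and `builder.withClientId()` takes no value, so the client_id sent is presumably the one configured on `oauth`. A caller that passes a client id other than the configured one would now silently exercise a different request, which matters because the `postLogoutRedirectUri` branch just below is gated on `clientId` or `idTokenHint` being present. If that is intended, say so at the call, e.g. `// withClientId() sends the client id configured on oauth; the clientId argument only enables it`; otherwise configure the client from the argument before building. The enclosing method starts and ends outside the hunk.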
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlSignedBrokerTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlSignedBrokerTest.java index 2a69656d39e..5b9a3acef26 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlSignedBrokerTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlSignedBrokerTest.java @@ -1,6 +1,5 @@ package org.keycloak.testsuite.broker; -import org.keycloak.OAuth2Constants; import org.keycloak.broker.saml.SAMLIdentityProviderConfig; import org.keycloak.crypto.Algorithm; import org.keycloak.dom.saml.v2.protocol.AuthnRequestType; @@ -154,11 +153,9 @@ public class KcSamlSignedBrokerTest extends AbstractBrokerTest { final AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); final String idTokenString = tokenResponse.getIdToken(); final String redirectUri = getAccountUrl(getProviderRoot(), bc.providerRealmName()); - final String logoutUri = oauth.realm(bc.providerRealmName()).getEndpoints().getLogoutBuilder() + oauth.realm(bc.providerRealmName()).logoutForm() .idTokenHint(idTokenString) - .postLogoutRedirectUri(redirectUri).build(); - - driver.navigate().to(logoutUri); + .postLogoutRedirectUri(redirectUri).open(); errorPage.assertCurrent(); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/CIBATest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/CIBATest.java index 17a55b89cfd..fc0fbbfdd8d 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/CIBATest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/CIBATest.java 
@@ -2222,7 +2222,7 @@ public class CIBATest extends AbstractClientPoliciesTest { LogoutResponse logoutResponse; try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithDefaultKeyStoreAndTrustStore()) { oauth.httpClient().set(client); - logoutResponse = oauth.doLogout(accessTokenResponse.getRefreshToken(), TEST_CLIENT_SECRET); + logoutResponse = oauth.doLogout(accessTokenResponse.getRefreshToken()); } catch (IOException ioe) { throw new RuntimeException(ioe); } finally { @@ -2848,7 +2848,7 @@ public class CIBATest extends AbstractClientPoliciesTest { } private EventRepresentation doLogoutByRefreshToken(String refreshToken, String sessionId, String userId, boolean isOfflineAccess) throws IOException { - assertTrue(oauth.doLogout(refreshToken, TEST_CLIENT_PASSWORD).isSuccess()); + assertTrue(oauth.doLogout(refreshToken).isSuccess()); // confirm logged out AccessTokenResponse tokenRes = oauth.doRefreshTokenRequest(refreshToken); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientSecretRotationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientSecretRotationTest.java index c7ed7357b7e..c3dd903908c 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientSecretRotationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientSecretRotationTest.java @@ -359,7 +359,7 @@ public class ClientSecretRotationTest extends AbstractRestServiceTest { String code = oauth.parseLoginResponse().getCode(); AccessTokenResponse res = oauth.doAccessTokenRequest(code); assertThat(res.getStatusCode(), equalTo(Status.OK.getStatusCode())); - oauth.doLogout(res.getRefreshToken(), DEFAULT_SECRET); + oauth.doLogout(res.getRefreshToken()); //advance 1 hour setTimeOffset(3601); 
@@ -415,7 +415,7 @@ public class ClientSecretRotationTest extends AbstractRestServiceTest { String code = oauth.parseLoginResponse().getCode(); AccessTokenResponse res = oauth.doAccessTokenRequest(code); assertThat(res.getStatusCode(), equalTo(Status.OK.getStatusCode())); - oauth.doLogout(res.getRefreshToken(), updatedSecret); + oauth.doLogout(res.getRefreshToken()); //login with rotated secret oauth.client(clientId, firstSecret); @@ -423,7 +423,7 @@ public class ClientSecretRotationTest extends AbstractRestServiceTest { code = oauth.parseLoginResponse().getCode(); res = oauth.doAccessTokenRequest(code); assertThat(res.getStatusCode(), equalTo(Status.OK.getStatusCode())); - oauth.doLogout(res.getRefreshToken(), firstSecret); + oauth.doLogout(res.getRefreshToken()); } @@ -487,7 +487,7 @@ public class ClientSecretRotationTest extends AbstractRestServiceTest { String code = oauth.parseLoginResponse().getCode(); AccessTokenResponse res = oauth.doAccessTokenRequest(code); assertThat(res.getStatusCode(), equalTo(Status.UNAUTHORIZED.getStatusCode())); - oauth.doLogout(res.getRefreshToken(), firstSecret); + oauth.doLogout(res.getRefreshToken()); } @@ -531,7 +531,7 @@ public class ClientSecretRotationTest extends AbstractRestServiceTest { String code = oauth.parseLoginResponse().getCode(); AccessTokenResponse res = oauth.doAccessTokenRequest(code); assertThat(res.getStatusCode(), equalTo(Status.UNAUTHORIZED.getStatusCode())); - oauth.doLogout(res.getRefreshToken(), firstSecret); + oauth.doLogout(res.getRefreshToken()); } @@ -878,7 +878,7 @@ public class ClientSecretRotationTest extends AbstractRestServiceTest { private void successfulLoginAndLogout(String clientId, String clientSecret) { AccessTokenResponse res = successfulLogin(clientId, clientSecret); - oauth.doLogout(res.getRefreshToken(), clientSecret); + oauth.doLogout(res.getRefreshToken()); events.expectLogout(res.getSessionState()).client(clientId).clearDetails().assertEvent(); } 
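Review bot: In ClientSecretRotationTest at -487 and -531, `oauth.doLogout(res.getRefreshToken())` runs right after the token response is asserted to be `UNAUTHORIZED`, so `res` presumably carries no refresh token and the logout has nothing to end; its result is ignored either way. With the explicit `firstSecret` argument gone, the call no longer documents which credential it exercises, so either drop it or state the expectation, e.g. `// token request was rejected; logout is best-effort cleanup only`. The hunks at -415 and -423 have a related gap: the logout now authenticates with whichever secret the preceding `oauth.client(...)` set, and nothing checks that it succeeded; `assertThat(oauth.doLogout(res.getRefreshToken()).isSuccess(), equalTo(true));` would pin that. The enclosing test methods start outside the hunks.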
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OAuth2_1ConfidentialClientTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OAuth2_1ConfidentialClientTest.java index 37210fcfdd3..4b9bb702f6d 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OAuth2_1ConfidentialClientTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OAuth2_1ConfidentialClientTest.java @@ -220,7 +220,7 @@ public class OAuth2_1ConfidentialClientTest extends AbstractFAPITest { AccessToken accessToken = oauth.verifyToken(tokenResponse.getAccessToken()); Assert.assertNotNull(accessToken.getConfirmation().getCertThumbprint()); - oauth.idTokenHint(tokenResponse.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).open(); } private void testProhibitedImplicitOrHybridFlow(boolean isOpenid, String responseType, String nonce) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OAuth2_1PublicClientTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OAuth2_1PublicClientTest.java index b26bbc991ed..fd5926edb2d 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OAuth2_1PublicClientTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OAuth2_1PublicClientTest.java 
@@ -37,7 +37,6 @@ import org.keycloak.protocol.oidc.utils.OIDCResponseType; import org.keycloak.protocol.oidc.utils.PkceUtils; import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.oidc.OIDCClientRepresentation; -import org.keycloak.representations.oidc.TokenMetadataRepresentation; import org.keycloak.services.clientpolicy.ClientPolicyException; import org.keycloak.services.clientpolicy.condition.AnyClientConditionFactory; import org.keycloak.testsuite.AssertEvents; @@ -47,7 +46,6 @@ import org.keycloak.testsuite.util.ClientPoliciesUtil; import org.keycloak.testsuite.util.oauth.AccessTokenResponse; import org.keycloak.testsuite.util.oauth.AuthorizationEndpointResponse; import org.keycloak.testsuite.util.oauth.UserInfoResponse; -import org.keycloak.util.JsonSerialization; import java.security.KeyPair; import java.util.Collections; @@ -242,14 +240,14 @@ public class OAuth2_1PublicClientTest extends AbstractFAPITest { UserInfoResponse userInfoResponse = oauth.userInfoRequest(response.getAccessToken()).dpop(dpopProofEcEncoded).send(); assertEquals(TEST_USER_NAME, userInfoResponse.getUserInfo().getPreferredUsername()); - oauth.idTokenHint(response.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(response.getIdToken()).open(); // revoke token with a valid DPoP proof - success dpopProofEcEncoded = generateSignedDPoPProof(UUID.randomUUID().toString(), HttpMethod.POST, oauth.getEndpoints().getRevocation(), (long) Time.currentTime(), Algorithm.ES256, jwsEcHeader, ecKeyPair.getPrivate()); oauth.dpopProof(dpopProofEcEncoded); assertTrue(oauth.tokenRevocationRequest(response.getAccessToken()).accessToken().send().isSuccess()); - oauth.idTokenHint(response.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(response.getIdToken()).open(); } private void setupPolicyOAuth2_1PublicClientForAllClient() throws Exception { 
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/policies/AbstractClientPoliciesTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/policies/AbstractClientPoliciesTest.java index 93472750097..5c98ab69c1d 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/policies/AbstractClientPoliciesTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/policies/AbstractClientPoliciesTest.java @@ -572,7 +572,7 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest { parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT)); parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt)); - return sendRequest(oauth.getEndpoints().getLogoutBuilder().build(), parameters); + return sendRequest(oauth.getEndpoints().getLogout(), parameters); } private CloseableHttpResponse sendRequest(String requestUrl, List parameters) throws Exception { @@ -1357,7 +1357,7 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest { LogoutResponse logoutResponse; try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithDefaultKeyStoreAndTrustStore()) { oauth.httpClient().set(client); - logoutResponse = oauth.doLogout(accessTokenResponse.getRefreshToken(), TEST_CLIENT_SECRET); + logoutResponse = oauth.doLogout(accessTokenResponse.getRefreshToken()); } catch (IOException ioe) { throw new RuntimeException(ioe); } finally { 
@@ -1384,7 +1384,7 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest { assertEquals(OAuthErrorException.INVALID_GRANT, accessTokenResponse.getError()); // Check frontchannel logout and login. - driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().build()); + oauth.openLogoutForm(); logoutConfirmPage.assertCurrent(); logoutConfirmPage.confirmLogout(); loginResponse = oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD); @@ -1428,7 +1428,7 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest { // Check logout without certificate try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithoutKeyStoreAndTrustStore()) { oauth.httpClient().set(client); - logoutResponse = oauth.doLogout(accessTokenResponse.getRefreshToken(), TEST_CLIENT_SECRET); + logoutResponse = oauth.doLogout(accessTokenResponse.getRefreshToken()); } catch (IOException ioe) { throw new RuntimeException(ioe); } finally { @@ -1439,7 +1439,7 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest { // Check logout. try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithDefaultKeyStoreAndTrustStore()) { oauth.httpClient().set(client); - logoutResponse = oauth.doLogout(accessTokenResponse.getRefreshToken(), TEST_CLIENT_SECRET); + logoutResponse = oauth.doLogout(accessTokenResponse.getRefreshToken()); } catch (IOException ioe) { throw new RuntimeException(ioe); } finally { @@ -1501,7 +1501,7 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest { protected void successfulLoginAndLogout(String clientId, String clientSecret) { AccessTokenResponse res = successfulLogin(clientId, clientSecret); - oauth.doLogout(res.getRefreshToken(), clientSecret); + oauth.doLogout(res.getRefreshToken()); events.expectLogout(res.getSessionState()).client(clientId).clearDetails().assertEvent(); } 
@@ -1590,7 +1590,7 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest { assertEquals("PKCE code verifier not specified", res.getErrorDescription()); events.expect(EventType.CODE_TO_TOKEN_ERROR).client(clientId).session(sessionId).clearDetails().error(Errors.CODE_VERIFIER_MISSING).assertEvent(); - oauth.idTokenHint(res.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(res.getIdToken()).open(); events.expectLogout(sessionId).clearDetails().assertEvent(); } @@ -1652,9 +1652,9 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest { oauth.client(clientId, secret); AuthorizationEndpointResponse loginResponse = oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD); - String code = oauth.parseLoginResponse().getCode(); + String code = loginResponse.getCode(); AccessTokenResponse res = oauth.doAccessTokenRequest(code); assertThat(res.getStatusCode(), equalTo(status.getStatusCode())); - oauth.doLogout(res.getRefreshToken(), secret); + oauth.doLogout(res.getRefreshToken()); } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/policies/ClientPoliciesExecutorTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/policies/ClientPoliciesExecutorTest.java index d0c4435826d..729409af5f6 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/policies/ClientPoliciesExecutorTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/policies/ClientPoliciesExecutorTest.java 
@@ -304,7 +304,7 @@ public class ClientPoliciesExecutorTest extends AbstractClientPoliciesTest { assertEquals(200, res.getStatusCode()); events.expectCodeToToken(codeId, sessionId).client(clientId).assertEvent(); - oauth.doLogout(res.getRefreshToken(), clientSecret); + oauth.doLogout(res.getRefreshToken()); events.expectLogout(sessionId).client(clientId).clearDetails().assertEvent(); // update profiles @@ -327,7 +327,7 @@ public class ClientPoliciesExecutorTest extends AbstractClientPoliciesTest { assertEquals(200, res.getStatusCode()); events.expectCodeToToken(codeId, sessionId).client(clientId).assertEvent(); - oauth.doLogout(res.getRefreshToken(), clientSecret); + oauth.doLogout(res.getRefreshToken()); events.expectLogout(sessionId).client(clientId).clearDetails().assertEvent(); // shall allow code using response_mode jwt @@ -348,7 +348,7 @@ public class ClientPoliciesExecutorTest extends AbstractClientPoliciesTest { ).toString(); updateProfiles(json); - oauth.openLogout(); + oauth.openLogoutForm(); oauth.responseType(OIDCResponseType.CODE + " " + OIDCResponseType.ID_TOKEN + " " + OIDCResponseType.TOKEN); // token response type allowed oauth.responseMode("jwt"); oauth.openLoginForm(); @@ -450,7 +450,7 @@ public class ClientPoliciesExecutorTest extends AbstractClientPoliciesTest { assertEquals(200, res.getStatusCode()); events.expectCodeToToken(codeId, sessionId).client(clientId).assertEvent(); - oauth.doLogout(res.getRefreshToken(), clientSecret); + oauth.doLogout(res.getRefreshToken()); events.expectLogout(sessionId).client(clientId).clearDetails().assertEvent(); } @@ -770,7 +770,7 @@ public class ClientPoliciesExecutorTest extends AbstractClientPoliciesTest { oauth.requestUri(requestUri); AuthorizationEndpointResponse loginResponse = oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD); assertNotNull(loginResponse.getCode()); - oauth.openLogout(); + oauth.openLogoutForm(); requestObject.exp(null); oauth.requestUri(null); 
@@ -1479,7 +1479,7 @@ public class ClientPoliciesExecutorTest extends AbstractClientPoliciesTest { AccessTokenResponse response = successfulLogin(clientId, clientSecret); - oauth.idTokenHint(response.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(response.getIdToken()).open(); assertTrue(driver.getPageSource().contains("Front-channel logout is not allowed for this client")); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/policies/ClientPoliciesTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/policies/ClientPoliciesTest.java index a62cf76d4c1..d2936f1bc39 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/policies/ClientPoliciesTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/policies/ClientPoliciesTest.java @@ -1253,7 +1253,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { assertEquals(intentId, clientBoundIntentId); // logout - oauth.doLogout(response.getRefreshToken(), clientSecret); + oauth.doLogout(response.getRefreshToken()); events.expectLogout(response.getSessionState()).client(clientId).clearDetails().assertEvent(); // create a request object with invalid claims @@ -1348,7 +1348,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { successfulLogin(clientId, clientSecret); configureClientPolicyToBlockGrantTypes(ClientPolicyEvent.AUTHORIZATION_REQUEST, List.of(OAuth2Constants.AUTHORIZATION_CODE)); - oauth.openLogout(); + oauth.openLogoutForm(); oauth.openLoginForm(); MultivaluedHashMap queryParams = UriUtils.decodeQueryString(new URL(Objects.requireNonNull(driver.getCurrentUrl())).getQuery()); assertEquals(ClientPolicyEvent.AUTHORIZATION_REQUEST.toString(), queryParams.getFirst("error")); 
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/policies/SecureRedirectUrisEnforcerExecutorTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/policies/SecureRedirectUrisEnforcerExecutorTest.java index 550db6a0bf8..18825807ab7 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/policies/SecureRedirectUrisEnforcerExecutorTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/policies/SecureRedirectUrisEnforcerExecutorTest.java @@ -707,6 +707,6 @@ public class SecureRedirectUrisEnforcerExecutorTest extends AbstractClientPolici Assert.assertNotNull(response.getCode()); AccessTokenResponse res = oauth.doAccessTokenRequest(response.getCode()); assertEquals(200, res.getStatusCode()); - oauth.doLogout(res.getRefreshToken(), "secret"); + oauth.doLogout(res.getRefreshToken()); } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cluster/AbstractFailoverClusterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cluster/AbstractFailoverClusterTest.java index 47c1501ccac..2b22f7befe1 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cluster/AbstractFailoverClusterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cluster/AbstractFailoverClusterTest.java @@ -138,8 +138,7 @@ public abstract class AbstractFailoverClusterTest extends AbstractClusterTest { } protected void logout() { - String logoutUrl = oauth.getEndpoints().getLogoutBuilder().build(); - driver.navigate().to(logoutUrl); + oauth.openLogoutForm(); logoutConfirmPage.assertCurrent(); logoutConfirmPage.confirmLogout(); 
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/LoginCrossDCTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/LoginCrossDCTest.java index beb187905ca..30a90b16399 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/LoginCrossDCTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/LoginCrossDCTest.java @@ -42,7 +42,7 @@ public class LoginCrossDCTest extends AbstractAdminCrossDCTest { AccessTokenResponse response2 = oauth.doAccessTokenRequest(code); Assert.assertNotNull(response2.getAccessToken()); - LogoutResponse logoutResponse = oauth.doLogout(response2.getRefreshToken(), "password"); + LogoutResponse logoutResponse = oauth.doLogout(response2.getRefreshToken()); assertTrue(logoutResponse.isSuccess()); log.infof("Iteration %d finished", i); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java index f5bb001353d..bb7bade945d 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java @@ -206,7 +206,7 @@ public abstract class AbstractKerberosSingleRealmTest extends AbstractKerberosTe events.poll(); // Logout - oauth.openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).open(); events.poll(); // Remove protocolMapper 
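Review bot: In AbstractKerberosSingleRealmTest at -206, the logout now depends on a valid `tokenResponse.getIdToken()`, but the `events.poll()` that follows does not inspect the event, so a logout rejected for a bad or stale id_token_hint would pass unnoticed. The same pattern recurs in KerberosLdapCrossRealmTrustTest (-77, -93, -102, -136, -146); at -102 and -146 the logout follows a second login and the hunk does not show `tokenResponse` being reassigned, so it is worth confirming the hint is not the token of the session that was already ended. Asserting the event, along the lines of `events.expectLogout(tokenResponse.getSessionState()).assertEvent();` (details may need clearing, as other tests in this suite do), would cover both. The enclosing test methods start outside the hunks.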
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosTest.java index c8069f1218a..dd1d8484671 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosTest.java @@ -214,8 +214,6 @@ public abstract class AbstractKerberosTest extends AbstractAuthTest { Assert.assertEquals(userId, token.getSubject()); Assert.assertEquals(expectedUsername, token.getPreferredUsername()); - oauth.idTokenHint(tokenResponse.getIdToken()); - return tokenResponse; } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosLdapCrossRealmTrustTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosLdapCrossRealmTrustTest.java index a140b12b512..fbe41393e02 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosLdapCrossRealmTrustTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosLdapCrossRealmTrustTest.java @@ -77,7 +77,7 @@ public class KerberosLdapCrossRealmTrustTest extends AbstractKerberosTest { assertUser("hnelson2", "hnelson2@kc2.com", "Horatio", "Nelson", "hnelson2@KC2.COM", false); // Logout - oauth.openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).open(); events.poll(); } 
@@ -93,7 +93,7 @@ public class KerberosLdapCrossRealmTrustTest extends AbstractKerberosTest { assertUser("jduke2", "jduke2@kc2.com", "Java", "Duke", "jduke@KC2.COM", false); // Logout - oauth.openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).open(); events.poll(); // Another login to check the scenario when user is in local storage @@ -102,7 +102,7 @@ public class KerberosLdapCrossRealmTrustTest extends AbstractKerberosTest { Assert.assertEquals(token.getEmail(), "jduke2@kc2.com"); // Logout - oauth.openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).open(); events.poll(); } @@ -119,7 +119,7 @@ public class KerberosLdapCrossRealmTrustTest extends AbstractKerberosTest { Assert.assertTrue(testAppHelper.login("jduke", "theduke")); // Logout - oauth.openLogout(); + testAppHelper.logout(); events.poll(); } @@ -136,7 +136,7 @@ public class KerberosLdapCrossRealmTrustTest extends AbstractKerberosTest { assertUser("jduke", "jduke@keycloak.org", "Java", "Duke", null, false); // Logout - oauth.openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).open(); events.poll(); // This refers to same user as above login @@ -146,7 +146,7 @@ public class KerberosLdapCrossRealmTrustTest extends AbstractKerberosTest { Assert.assertEquals(token.getEmail(), "jduke@keycloak.org"); // Logout - oauth.openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).open(); events.poll(); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneCrossRealmTrustTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneCrossRealmTrustTest.java index 3e31930b8f9..2d8dcc625fd 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneCrossRealmTrustTest.java 
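Review bot: In the `@@ -119,7` hunk the result of `testAppHelper.logout()` is dropped, while the login just above it is wrapped in `Assert.assertTrue(...)`. If `logout()` reports success the same way `login()` does (its signature is not visible here), the call should read `Assert.assertTrue(testAppHelper.logout());`. Without that, a logout that never completes goes unnoticed, because the following `events.poll()` discards the event without checking it. The enclosing test method starts outside the hunk.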
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneCrossRealmTrustTest.java @@ -29,6 +29,7 @@ import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.util.KerberosRule; import org.keycloak.testsuite.KerberosEmbeddedServer; import org.keycloak.testsuite.util.TestAppHelper; +import org.keycloak.testsuite.util.oauth.AccessTokenResponse; /** * @author Marek Posolda @@ -74,11 +75,11 @@ public class KerberosStandaloneCrossRealmTrustTest extends AbstractKerberosTest @Test public void test02spnegoLoginDifferentRealmTest() throws Exception { // Cross-realm trust login. Realm KEYCLOAK.ORG trusts realm KC2.COM. - assertSuccessfulSpnegoLogin("hnelson2@KC2.COM", "hnelson2@kc2.com", "secret"); + AccessTokenResponse tokenResponse = assertSuccessfulSpnegoLogin("hnelson2@KC2.COM", "hnelson2@kc2.com", "secret"); assertUser("hnelson2@kc2.com", "hnelson2@kc2.com", null, null, "hnelson2@KC2.COM", false); // Logout - oauth.openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).open(); events.poll(); // Another login to check the scenario when user is in local storage diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPMultipleAttributesTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPMultipleAttributesTest.java index 8da1ec8ff36..3647f643a2b 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPMultipleAttributesTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPMultipleAttributesTest.java 
@@ -203,7 +203,7 @@ public class LDAPMultipleAttributesTest extends AbstractLDAPTest { Assert.assertTrue(postalCodes.contains("88441")); Assert.assertTrue(postalCodes.contains("77332")); - oauth.doLogout(response.getRefreshToken(), "password"); + oauth.doLogout(response.getRefreshToken()); // Login as jbrown loginPage.open(); @@ -222,7 +222,7 @@ public class LDAPMultipleAttributesTest extends AbstractLDAPTest { Assert.assertTrue(postalCodes.contains("88441")); Assert.assertFalse(postalCodes.contains("77332")); - oauth.doLogout(response.getRefreshToken(), "password"); + oauth.doLogout(response.getRefreshToken()); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPProvidersIntegrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPProvidersIntegrationTest.java index a9a8afa09ec..26ebc6872f1 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPProvidersIntegrationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPProvidersIntegrationTest.java @@ -22,7 +22,6 @@ import org.junit.ClassRule; import org.junit.FixMethodOrder; import org.junit.Test; import org.junit.runners.MethodSorters; -import org.keycloak.OAuth2Constants; import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.admin.client.resource.UserResource; import org.keycloak.component.ComponentModel; @@ -383,7 +382,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest { Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(events.poll()); - oauth.idTokenHint(tokenResponse.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open(); events.poll(); } 
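Review bot: Both hunks in LDAPMultipleAttributesTest discard the `LogoutResponse` from `oauth.doLogout(response.getRefreshToken())`, and with the secret argument gone the call now depends on whatever client credentials `oauth` was configured with outside the hunk. A wrong or stale secret would make the logout fail silently and leave the session active for the next login in the test. Asserting the result, as LoginCrossDCTest does, closes that gap: `Assert.assertTrue(oauth.doLogout(response.getRefreshToken()).isSuccess());`. The same applies to the `doLogout` hunk in ReAuthenticationTest and to the DPoPTest hunks that log out after a successful token request, where the old calls passed `TEST_CONFIDENTIAL_CLIENT_SECRET` explicitly.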
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BrokenUserStorageTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BrokenUserStorageTest.java index ff56038b3f9..6ccab76938a 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BrokenUserStorageTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BrokenUserStorageTest.java @@ -22,7 +22,6 @@ import org.jboss.arquillian.test.api.ArquillianResource; import org.junit.After; import org.junit.Assert; import org.junit.Test; -import org.keycloak.OAuth2Constants; import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.component.ComponentModel; import org.keycloak.models.RealmModel; @@ -64,7 +63,7 @@ public class BrokenUserStorageTest extends AbstractTestRealmKeycloakTest { loginPage.login(username, password); Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); Assert.assertNotNull(oauth.parseLoginResponse().getCode()); - oauth.openLogout(); + oauth.openLogoutForm(); } @Test diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageFailureTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageFailureTest.java index 32a84c6d6a2..d591173b0ab 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageFailureTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageFailureTest.java 
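Review bot: `oauth.openLogoutForm()` in the `@@ -64,7` hunk of BrokenUserStorageTest is the last statement of the method and sends no `id_token_hint`, so nothing here confirms that the session was ended. In ResetCredentialsAlternativeFlowsTest the same call is followed by `logoutConfirmPage.assertCurrent(); logoutConfirmPage.confirmLogout();`, which suggests the form stops at a confirmation page when no hint is given. Either confirm the page here as well, or add a comment such as `// opens the logout page only; the session is not confirmed as ended here` so the intent is explicit. The `@@ -245,7` hunk in UserStorageFailureTest has the same pattern, and in both cases the enclosing method begins outside the hunk.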
@@ -245,7 +245,7 @@ public class UserStorageFailureTest extends AbstractTestRealmKeycloakTest { Assert.assertTrue(appPage.isCurrent()); Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); Assert.assertNotNull(oauth.parseLoginResponse().getCode()); - oauth.openLogout(); + oauth.openLogoutForm(); } @Test diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/MultipleTabsLoginTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/MultipleTabsLoginTest.java index 48d7ee7c6a4..60f75fd3bbd 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/MultipleTabsLoginTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/MultipleTabsLoginTest.java @@ -416,7 +416,7 @@ public class MultipleTabsLoginTest extends AbstractTestRealmKeycloakTest { appPage.assertCurrent(); events.clear(); // logout in the second tab - oauth.idTokenHint(tokenResponse.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open(); events.expectLogout(accessToken.getSessionState()).user(userId).session(accessToken.getSessionState()).assertEvent(); // re-login in the second tab oauth.openLoginForm(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RPInitiatedFrontChannelLogoutTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RPInitiatedFrontChannelLogoutTest.java index 0ddac16dcf6..907bd75fdd4 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RPInitiatedFrontChannelLogoutTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RPInitiatedFrontChannelLogoutTest.java 
@@ -18,7 +18,6 @@ package org.keycloak.testsuite.forms; import org.junit.Assert; import org.junit.Test; -import org.keycloak.OAuth2Constants; import org.keycloak.admin.client.resource.ClientsResource; import org.keycloak.jose.jws.JWSInput; import org.keycloak.models.BrowserSecurityHeaders; @@ -57,9 +56,8 @@ public class RPInitiatedFrontChannelLogoutTest extends AbstractTestRealmKeycloak String code = oauth.parseLoginResponse().getCode(); AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); String idTokenString = tokenResponse.getIdToken(); - String logoutUrl = oauth.getEndpoints().getLogoutBuilder().idTokenHint(idTokenString) - .postLogoutRedirectUri(OAuthClient.APP_AUTH_ROOT).build(); - driver.navigate().to(logoutUrl); + oauth.logoutForm().idTokenHint(idTokenString) + .postLogoutRedirectUri(OAuthClient.APP_AUTH_ROOT).open(); LogoutToken logoutToken = testingClient.testApp().getFrontChannelLogoutToken(); Assert.assertNotNull(logoutToken); @@ -88,9 +86,8 @@ public class RPInitiatedFrontChannelLogoutTest extends AbstractTestRealmKeycloak String code = oauth.parseLoginResponse().getCode(); AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); String idTokenString = tokenResponse.getIdToken(); - String logoutUrl = oauth.getEndpoints().getLogoutBuilder().idTokenHint(idTokenString) - .postLogoutRedirectUri(OAuthClient.APP_AUTH_ROOT).build(); - driver.navigate().to(logoutUrl); + oauth.logoutForm().idTokenHint(idTokenString) + .postLogoutRedirectUri(OAuthClient.APP_AUTH_ROOT).open(); LogoutToken logoutToken = testingClient.testApp().getFrontChannelLogoutToken(); Assert.assertNotNull(logoutToken); 
@@ -118,8 +115,7 @@ public class RPInitiatedFrontChannelLogoutTest extends AbstractTestRealmKeycloak String code = oauth.parseLoginResponse().getCode(); AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); String idTokenString = tokenResponse.getIdToken(); - String logoutUrl = oauth.getEndpoints().getLogoutBuilder().idTokenHint(idTokenString).build(); - driver.navigate().to(logoutUrl); + oauth.logoutForm().idTokenHint(idTokenString).open(); LogoutToken logoutToken = testingClient.testApp().getFrontChannelLogoutToken(); org.keycloak.testsuite.Assert.assertNotNull(logoutToken); IDToken idToken = new JWSInput(idTokenString).readJsonContent(IDToken.class); @@ -151,8 +147,7 @@ public class RPInitiatedFrontChannelLogoutTest extends AbstractTestRealmKeycloak String code = oauth.parseLoginResponse().getCode(); AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); String idTokenString = tokenResponse.getIdToken(); - String logoutUrl = oauth.getEndpoints().getLogoutBuilder().idTokenHint(idTokenString).build(); - driver.navigate().to(logoutUrl); + oauth.logoutForm().idTokenHint(idTokenString).open(); LogoutToken logoutToken = testingClient.testApp().getFrontChannelLogoutToken(); Assert.assertNotNull(logoutToken); IDToken idToken = new JWSInput(idTokenString).readJsonContent(IDToken.class); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ReAuthenticationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ReAuthenticationTest.java index 740ee24d898..2aa7304af8e 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ReAuthenticationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ReAuthenticationTest.java 
@@ -390,7 +390,7 @@ public class ReAuthenticationTest extends AbstractTestRealmKeycloakTest { AccessTokenResponse response1 = oauth.doAccessTokenRequest(code); AccessToken accessToken1 = oauth.verifyToken(response1.getAccessToken()); - oauth.doLogout(response1.getRefreshToken(), "password"); + oauth.doLogout(response1.getRefreshToken()); oauth.openLoginForm(); loginPage.assertCurrent(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java index 86269686056..82cfa7f57cd 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java @@ -102,6 +102,8 @@ public class RegisterTest extends AbstractTestRealmKeycloakTest { @Rule public GreenMailRule greenMail = new GreenMailRule(); + private String idTokenHint; + @Override public void configureTestRealm(RealmRepresentation testRealm) { } @@ -194,7 +196,7 @@ public class RegisterTest extends AbstractTestRealmKeycloakTest { public void registerUpperCaseEmailWithChangedEmailAsUsername() throws IOException { String userId = registerUpperCaseAndGetUserId(false); assertThat(userId, notNullValue()); - oauth.openLogout(); + oauth.logoutForm().idTokenHint(idTokenHint).open(); events.clear(); try (RealmAttributeUpdater rau = configureRealmRegistrationEmailAsUsername(true).update()) { @@ -936,7 +938,7 @@ public class RegisterTest extends AbstractTestRealmKeycloakTest { .user(userId) .assertEvent(); AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent); - oauth.idTokenHint(tokenResponse.getIdToken()); + idTokenHint = tokenResponse.getIdToken(); assertUserBasicRegisterAttributes(userId, emailAsUsername ? null : USERNAME, EMAIL, "firstName", "lastName"); return userId; 
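Review bot: The new `idTokenHint` field in RegisterTest is written as a side effect of the registration helper (the `@@ -936,7` hunk) and read in `registerUpperCaseEmailWithChangedEmailAsUsername`, but nothing documents that coupling. A test that logs out without calling the helper first would pass `null` to `idTokenHint(...)`. A short comment on the field would help, for example `// ID token from the most recent registration login; set by the registration helper, used as id_token_hint on logout`. Returning the token response from the helper instead of storing it would avoid the hidden state, though the helper's signature is outside the hunk.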
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetCredentialsAlternativeFlowsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetCredentialsAlternativeFlowsTest.java index 28c86b620c7..3a4af537b86 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetCredentialsAlternativeFlowsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetCredentialsAlternativeFlowsTest.java @@ -23,7 +23,6 @@ import org.junit.Assert; import org.junit.Before; import org.junit.Rule; import org.junit.Test; -import org.keycloak.OAuth2Constants; import org.keycloak.models.UserManager; import org.keycloak.models.UserModel; import org.keycloak.models.utils.DefaultAuthenticationFlows; @@ -50,7 +49,6 @@ import org.keycloak.testsuite.util.*; import jakarta.mail.internet.MimeMessage; import org.keycloak.testsuite.util.oauth.AccessTokenResponse; -import org.keycloak.testsuite.util.oauth.AuthorizationEndpointResponse; import java.util.Arrays; import java.util.List; @@ -361,7 +359,7 @@ public class ResetCredentialsAlternativeFlowsTest extends AbstractAppInitiatedAc assertKcActionStatus(SUCCESS); // Logout - oauth.idTokenHint(response.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(response.getIdToken()).open(); // Go to login page & click "Forgot password" link to perform the custom 'Reset Credential' flow loginPage.open(); @@ -425,7 +423,7 @@ public class ResetCredentialsAlternativeFlowsTest extends AbstractAppInitiatedAc Assert.assertTrue(AccountHelper.deleteTotpAuthentication(testRealm(), "login-test")); // Logout - driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().build()); + oauth.openLogoutForm(); logoutConfirmPage.assertCurrent(); logoutConfirmPage.confirmLogout(); 
@@ -453,7 +451,7 @@ public class ResetCredentialsAlternativeFlowsTest extends AbstractAppInitiatedAc Assert.assertTrue(AccountHelper.totpUserLabelComparator(testRealm(), "bwilson", "")); // Logout - driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().build()); + oauth.openLogoutForm(); logoutConfirmPage.assertCurrent(); logoutConfirmPage.confirmLogout(); @@ -488,7 +486,7 @@ public class ResetCredentialsAlternativeFlowsTest extends AbstractAppInitiatedAc Assert.assertTrue(AccountHelper.deleteTotpAuthentication(testRealm(), "bwilson")); // Logout - driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().build()); + oauth.openLogoutForm(); logoutConfirmPage.assertCurrent(); logoutConfirmPage.confirmLogout(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java index e7f90f250cf..2b59b5fcac7 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java @@ -512,7 +512,7 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest { String sessionId = loginEvent.getSessionId(); AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent); - oauth.idTokenHint(tokenResponse.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open(); events.expectLogout(sessionId).user(userId).session(sessionId).assertEvent(); 
@@ -526,7 +526,7 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest { assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType()); tokenResponse = sendTokenRequestAndGetResponse(loginEvent); - oauth.idTokenHint(tokenResponse.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open(); events.expectLogout(sessionId).user(userId).session(sessionId).assertEvent(); } @@ -1147,7 +1147,7 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest { String sessionId = loginEvent.getSessionId(); AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent); - oauth.idTokenHint(tokenResponse.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open(); events.expectLogout(sessionId).user(userId).session(sessionId).assertEvent(); @@ -1365,8 +1365,7 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest { resetPasswordInNewTab(defaultUser, CLIENT_ID, REDIRECT_URI); assertThat(driver.getCurrentUrl(), Matchers.containsString(REDIRECT_URI)); - String logoutUrl = oauth.getEndpoints().getLogoutBuilder().build(); - driver.navigate().to(logoutUrl); + oauth.openLogoutForm(); logoutConfirmPage.assertCurrent(); logoutConfirmPage.confirmLogout(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/SSOTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/SSOTest.java index 8287572289f..b6a5bd39c99 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/SSOTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/SSOTest.java 
@@ -22,7 +22,6 @@ import org.jboss.arquillian.graphene.page.Page; import org.junit.Assert; import org.junit.Rule; import org.junit.Test; -import org.keycloak.OAuth2Constants; import org.keycloak.events.Details; import org.keycloak.events.EventType; import org.keycloak.models.UserModel; @@ -40,7 +39,6 @@ import org.keycloak.testsuite.pages.LoginPage; import org.keycloak.testsuite.pages.LoginPasswordUpdatePage; import org.keycloak.testsuite.util.MutualTLSUtils; import org.keycloak.testsuite.util.oauth.AccessTokenResponse; -import org.keycloak.testsuite.util.oauth.AuthorizationEndpointResponse; import org.keycloak.testsuite.util.oauth.OAuthClient; import org.openqa.selenium.WebDriver; @@ -146,7 +144,7 @@ public class SSOTest extends AbstractTestRealmKeycloakTest { assertNotEquals(login1.getSessionId(), login2.getSessionId()); AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(login1); - oauth.idTokenHint(tokenResponse.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open(); events.expectLogout(login1.getSessionId()).assertEvent(); oauth.openLoginForm(); @@ -162,7 +160,7 @@ public class SSOTest extends AbstractTestRealmKeycloakTest { String code = oauth2.parseLoginResponse().getCode(); AccessTokenResponse response = oauth2.doAccessTokenRequest(code); events.poll(); - oauth2.idTokenHint(response.getIdToken()).openLogout(); + oauth2.logoutForm().idTokenHint(response.getIdToken()).withRedirect().open(); events.expectLogout(login2.getSessionId()).assertEvent(); oauth2.openLoginForm(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AbstractClientAuthSignedJWTTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AbstractClientAuthSignedJWTTest.java index b43e2fa1eab..b3dafbd6ed4 100644 
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AbstractClientAuthSignedJWTTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AbstractClientAuthSignedJWTTest.java @@ -274,7 +274,7 @@ public abstract class AbstractClientAuthSignedJWTTest extends AbstractKeycloakTe assertEquals(200, response.getStatusCode()); oauth.verifyToken(response.getAccessToken()); - oauth.idTokenHint(response.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(response.getIdToken()).open(); return clientSignedToken; } finally { // Revert jwks_url settings @@ -693,7 +693,7 @@ public abstract class AbstractClientAuthSignedJWTTest extends AbstractKeycloakTe parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT)); parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt)); - return sendRequest(oauth.getEndpoints().getLogoutBuilder().build(), parameters); + return sendRequest(oauth.getEndpoints().getLogout(), parameters); } protected AccessTokenResponse doClientCredentialsGrantRequest(String signedJwt) throws Exception { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java index 9d9baaf1032..b7493f8c8fa 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java 
@@ -1382,7 +1382,7 @@ public class AccessTokenTest extends AbstractKeycloakTest { String encodedSignature = token.split("\\.",3)[2]; byte[] signature = Base64Url.decode(encodedSignature); Assert.assertEquals(expectedLength, signature.length); - oauth.idTokenHint(response.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(response.getIdToken()).open(); } private void conductAccessTokenRequest(String expectedRefreshAlg, String expectedAccessAlg, String expectedIdTokenAlg) throws Exception { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java index 2eedcc93455..1d6670c8ea2 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java @@ -19,6 +19,7 @@ package org.keycloak.testsuite.oauth; import jakarta.ws.rs.client.Client; import jakarta.ws.rs.core.HttpHeaders; import jakarta.ws.rs.core.Response; +import jakarta.ws.rs.core.UriBuilder; import org.jboss.arquillian.graphene.page.Page; import org.junit.Assert; import org.junit.Before; 
@@ -382,13 +383,12 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest { @Test public void authorizationRequestParamsMoreThanOnce() throws IOException { oauth.stateParamHardcoded("OpenIdConnect.AuthenticationProperties=2302984sdlk"); - Map extraParams = new HashMap<>(); - oauth.addCustomParameter(OAuth2Constants.SCOPE, "read_write") - .addCustomParameter(OAuth2Constants.STATE, "abcdefg") - .addCustomParameter(OAuth2Constants.SCOPE, "pop push"); + String logoutUrl = UriBuilder.fromUri(oauth.loginForm().build()).queryParam(OAuth2Constants.SCOPE, "read_write") + .queryParam(OAuth2Constants.STATE, "abcdefg") + .queryParam(OAuth2Constants.SCOPE, "pop push").build().toString(); - oauth.openLoginForm(); + driver.navigate().to(logoutUrl); AuthorizationEndpointResponse response = oauth.parseLoginResponse(); @@ -402,13 +402,13 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest { public void authorizationRequestClientParamsMoreThanOnce() throws IOException { oauth.stateParamHardcoded("OpenIdConnect.AuthenticationProperties=2302984sdlk"); - oauth.addCustomParameter(OAuth2Constants.SCOPE, "read_write") - .addCustomParameter(OAuth2Constants.CLIENT_ID, "client2client") - .addCustomParameter(OAuth2Constants.REDIRECT_URI, "https://www.example.com") - .addCustomParameter(OAuth2Constants.STATE, "abcdefg") - .addCustomParameter(OAuth2Constants.SCOPE, "pop push"); + String logoutUrl = UriBuilder.fromUri(oauth.loginForm().build()).queryParam(OAuth2Constants.SCOPE, "read_write") + .queryParam(OAuth2Constants.CLIENT_ID, "client2client") + .queryParam(OAuth2Constants.REDIRECT_URI, "https://www.example.com") + .queryParam(OAuth2Constants.STATE, "abcdefg") + .queryParam(OAuth2Constants.SCOPE, "pop push").build().toString(); - oauth.openLoginForm(); + driver.navigate().to(logoutUrl); assertTrue(errorPage.isCurrent()); assertEquals("Invalid Request", errorPage.getError()); 
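Review bot: The local `logoutUrl` in `authorizationRequestParamsMoreThanOnce` holds an authorization request URL built from `oauth.loginForm().build()`, not a logout URL, which is misleading in a test about duplicated authorization parameters. Rename it in both hunks of this file, e.g. `String loginUrl = UriBuilder.fromUri(oauth.loginForm().build())...` and `driver.navigate().to(loginUrl);`. A one-line comment such as `// append duplicate scope/state on top of the parameters loginForm() already sets` would also explain why the URL is assembled by hand instead of through the builder.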
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/DPoPTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/DPoPTest.java index 5060b00b30a..7f2e83fc667 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/DPoPTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/DPoPTest.java @@ -235,7 +235,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest { refreshToken = oauth.parseRefreshToken(response.getRefreshToken()); assertNull(refreshToken.getConfirmation()); - oauth.doLogout(response.getRefreshToken(), TEST_CONFIDENTIAL_CLIENT_SECRET); + oauth.doLogout(response.getRefreshToken()); } @Test @@ -272,7 +272,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest { refreshToken = oauth.parseRefreshToken(response.getRefreshToken()); assertNull(refreshToken.getConfirmation()); - oauth.idTokenHint(response.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(response.getIdToken()).open(); } finally { changeDPoPBound(TEST_PUBLIC_CLIENT_ID, true); } @@ -298,7 +298,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest { assertEquals(OAuthErrorException.INVALID_REQUEST, response.getError()); assertEquals("DPoP proof has already been used", response.getErrorDescription()); - oauth.idTokenHint(response.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(response.getIdToken()).open(); } @Test @@ -322,7 +322,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest { assertEquals(OAuthErrorException.INVALID_REQUEST, response.getError()); assertEquals("DPoP proof is missing", response.getErrorDescription()); - oauth.doLogout(response.getRefreshToken(), TEST_CONFIDENTIAL_CLIENT_SECRET); + oauth.doLogout(response.getRefreshToken()); } @Test 
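Review bot: In the `@@ -298,7` hunk of DPoPTest `response` has just been asserted to be an `invalid_request` error, so `response.getIdToken()` is presumably null and `oauth.logoutForm().idTokenHint(...).open()` is sent without a usable hint. How the builder treats a null hint is not visible here, but any session left from an earlier successful exchange is then unlikely to be ended by this call. Pass the ID token of the successful response instead, e.g. `oauth.logoutForm().idTokenHint(successfulResponse.getIdToken()).open();`, where `successfulResponse` is a placeholder for a variable holding that earlier response. The `@@ -322,7` hunk does the same with `response.getRefreshToken()` in `doLogout`, and the `@@ -573,7` and `@@ -937,6` hunks repeat the id-token variant.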
@@ -372,7 +372,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest { String code = oauth.parseLoginResponse().getCode(); AccessTokenResponse response = oauth.doAccessTokenRequest(code); assertEquals(TokenUtil.TOKEN_TYPE_DPOP, response.getTokenType()); - oauth.doLogout(response.getRefreshToken(), TEST_CONFIDENTIAL_CLIENT_SECRET); + oauth.doLogout(response.getRefreshToken()); testDPoPProofFailure(dpopProofEcEncoded, "DPoP proof has already been used"); } @@ -415,7 +415,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest { AccessTokenResponse response = getDPoPBindAccessToken(rsaKeyPair); doSuccessfulUserInfoGet(response, rsaKeyPair); - oauth.doLogout(response.getRefreshToken(), TEST_CONFIDENTIAL_CLIENT_SECRET); + oauth.doLogout(response.getRefreshToken()); } @Test @@ -431,7 +431,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest { assertEquals(401, userInfoResponse.getStatusCode()); assertEquals("Bearer realm=\"test\", error=\"invalid_token\", error_description=\"DPoP proof and token binding verification failed\"", userInfoResponse.getHeaders().get("WWW-Authenticate")); - oauth.doLogout(response.getRefreshToken(), TEST_CONFIDENTIAL_CLIENT_SECRET); + oauth.doLogout(response.getRefreshToken()); } finally { changeDPoPBound(TEST_CONFIDENTIAL_CLIENT_ID, true); } @@ -446,7 +446,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest { assertEquals(401, userInfoResponse.getStatusCode()); assertEquals("Bearer realm=\"test\", error=\"invalid_token\", error_description=\"DPoP proof and token binding verification failed\"", userInfoResponse.getHeaders().get("WWW-Authenticate")); - oauth.doLogout(response.getRefreshToken(), TEST_CONFIDENTIAL_CLIENT_SECRET); + oauth.doLogout(response.getRefreshToken()); } @Test 
@@ -462,7 +462,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest { assertEquals(401, userInfoResponse.getStatusCode()); assertEquals("Bearer realm=\"test\", error=\"invalid_token\", error_description=\"DPoP proof and token binding verification failed\"", userInfoResponse.getHeaders().get("WWW-Authenticate")); - oauth.doLogout(response.getRefreshToken(), TEST_CONFIDENTIAL_CLIENT_SECRET); + oauth.doLogout(response.getRefreshToken()); } @Test @@ -476,7 +476,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest { assertEquals(401, userInfoResponse.getStatusCode()); assertEquals("Bearer realm=\"test\", error=\"invalid_token\", error_description=\"DPoP proof and token binding verification failed\"", userInfoResponse.getHeaders().get("WWW-Authenticate")); - oauth.doLogout(response.getRefreshToken(), TEST_CONFIDENTIAL_CLIENT_SECRET); + oauth.doLogout(response.getRefreshToken()); } @Test @@ -493,7 +493,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest { assertEquals(401, userInfoResponse.getStatusCode()); assertEquals("Bearer realm=\"test\", error=\"invalid_token\", error_description=\"DPoP proof and token binding verification failed\"", userInfoResponse.getHeaders().get("WWW-Authenticate")); - oauth.doLogout(response.getRefreshToken(), TEST_CONFIDENTIAL_CLIENT_SECRET); + oauth.doLogout(response.getRefreshToken()); } @Test @@ -573,7 +573,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest { assertEquals(400, response.getStatusCode()); assertEquals(OAuthErrorException.INVALID_REQUEST, response.getError()); assertEquals("DPoP proof is missing", response.getErrorDescription()); - oauth.idTokenHint(response.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(response.getIdToken()).open(); // token request with a valid DPoP proof - success // EC key for client alpha 
@@ -649,7 +649,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest { updatePolicies("{}"); updateProfiles("{}"); - oauth.idTokenHint(encodedIdToken).openLogout(); + oauth.logoutForm().idTokenHint(encodedIdToken).open(); } @Test @@ -678,7 +678,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest { String jkt = JWKSUtils.computeThumbprint(jwkRsa); assertEquals(jkt, accessToken.getConfirmation().getKeyThumbprint()); - oauth.doLogout(response.getRefreshToken(), TEST_CONFIDENTIAL_CLIENT_SECRET); + oauth.doLogout(response.getRefreshToken()); } @Test @@ -707,7 +707,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest { String jkt = JWKSUtils.computeThumbprint(jwkRsa); assertEquals(jkt, accessToken.getConfirmation().getKeyThumbprint()); - oauth.doLogout(response.getRefreshToken(), TEST_CONFIDENTIAL_CLIENT_SECRET); + oauth.doLogout(response.getRefreshToken()); } private AccessTokenResponse getDPoPBindAccessToken(KeyPair rsaKeyPair) throws Exception { @@ -927,7 +927,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest { assertEquals(TEST_USER_NAME, userInfoResponse.getUserInfo().getPreferredUsername()); // logout - oauth.idTokenHint(response.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(response.getIdToken()).open(); } private void failureTokenProceduresWithDPoP(String dpopProofEncoded, String error) throws Exception { @@ -937,6 +937,6 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest { assertEquals(400, response.getStatusCode()); assertEquals(OAuthErrorException.INVALID_REQUEST, response.getError()); assertEquals(error, response.getErrorDescription()); - oauth.idTokenHint(response.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(response.getIdToken()).open(); } } 
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LogoutCorsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LogoutCorsTest.java index d874a07ae74..fd179aa6741 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LogoutCorsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LogoutCorsTest.java @@ -72,7 +72,7 @@ public class LogoutCorsTest extends AbstractKeycloakTest { String refreshTokenString = tokenResponse.getRefreshToken(); oauth.origin(VALID_CORS_URL); - LogoutResponse response = oauth.doLogout(refreshTokenString, "password"); + LogoutResponse response = oauth.doLogout(refreshTokenString); assertTrue(response.isSuccess()); assertCors(response); } @@ -83,7 +83,7 @@ public class LogoutCorsTest extends AbstractKeycloakTest { String refreshTokenString = tokenResponse.getRefreshToken(); oauth.origin(INVALID_CORS_URL); - LogoutResponse response = oauth.doLogout(refreshTokenString, "password"); + LogoutResponse response = oauth.doLogout(refreshTokenString); assertTrue(response.isSuccess()); assertNotCors(response); } @@ -95,12 +95,12 @@ public class LogoutCorsTest extends AbstractKeycloakTest { oauth.origin(VALID_CORS_URL); // Logout with invalid refresh token - LogoutResponse response = oauth.doLogout("invalid-refresh-token", "password"); + LogoutResponse response = oauth.doLogout("invalid-refresh-token"); assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatusCode()); assertCors(response); // Logout with invalid client secret - response = oauth.doLogout(refreshTokenString, "invalid-secret"); + response = oauth.client(oauth.getClientId(), "invalid-secret").doLogout(refreshTokenString); assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(), response.getStatusCode()); assertCors(response); } 
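Review bot: `oauth.client(oauth.getClientId(), "invalid-secret")` in the `@@ -95,12` hunk appears to reconfigure the shared `oauth` client rather than only this request, and nothing in the hunk restores the valid secret afterwards. The old call passed the bad secret per request, so it could not leak into later calls. Whether the harness resets `oauth` between tests is not visible from here. If it does not, any following test that authenticates with this client would fail with 401 for an unrelated reason. I would restore the secret in a `finally` block around the negative case, `oauth.client(oauth.getClientId(), "password");`, as LogoutTest does after its own credential switch.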
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LogoutTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LogoutTest.java index 232e96e2230..4560cd235d5 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LogoutTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LogoutTest.java @@ -112,7 +112,7 @@ public class LogoutTest extends AbstractKeycloakTest { AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); String refreshTokenString = tokenResponse.getRefreshToken(); - LogoutResponse response = oauth.doLogout(refreshTokenString, "password"); + LogoutResponse response = oauth.doLogout(refreshTokenString); assertTrue(response.isSuccess()); assertNotNull(testingClient.testApp().getAdminLogoutAction()); @@ -131,7 +131,7 @@ public class LogoutTest extends AbstractKeycloakTest { adminClient.realm("test").update(RealmBuilder.create().notBefore(Time.currentTime() + 1).build()); // Logout should succeed with expired refresh token, see KEYCLOAK-3302 - LogoutResponse response = oauth.doLogout(refreshTokenString, "password"); + LogoutResponse response = oauth.doLogout(refreshTokenString); assertTrue(response.isSuccess()); assertNotNull(testingClient.testApp().getAdminLogoutAction()); @@ -143,7 +143,7 @@ public class LogoutTest extends AbstractKeycloakTest { AccessTokenResponse accessTokenResponse = loginAndForceNewLoginPage(); String refreshToken1 = accessTokenResponse.getRefreshToken(); - oauth.doLogout(refreshToken1, "password"); + oauth.doLogout(refreshToken1); setTimeOffset(2); 
@@ -156,7 +156,7 @@ public class LogoutTest extends AbstractKeycloakTest { AccessTokenResponse tokenResponse2 = oauth.doAccessTokenRequest(code); // finally POST logout with VALID token should succeed - LogoutResponse response = oauth.doLogout(tokenResponse2.getRefreshToken(), "password"); + LogoutResponse response = oauth.doLogout(tokenResponse2.getRefreshToken()); assertTrue(response.isSuccess()); assertNotNull(testingClient.testApp().getAdminLogoutAction()); @@ -175,7 +175,7 @@ public class LogoutTest extends AbstractKeycloakTest { oauth.client("test-app-scope", "password"); // Assert logout fails with 400 when trying to use different client credentials - LogoutResponse response = oauth.doLogout(refreshTokenString, "password"); + LogoutResponse response = oauth.doLogout(refreshTokenString); assertEquals(response.getStatusCode(), 400); oauth.client("test-app", "password"); @@ -225,7 +225,7 @@ public class LogoutTest extends AbstractKeycloakTest { assertEquals("JWT", header.getType()); assertNull(header.getContentType()); - String logoutUrl = oauth.getEndpoints().getLogoutBuilder() + String logoutUrl = oauth.logoutForm() .idTokenHint(idTokenString) .postLogoutRedirectUri(oauth.APP_AUTH_ROOT) .build(); @@ -268,7 +268,7 @@ public class LogoutTest extends AbstractKeycloakTest { AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); events.poll(); String idTokenString = tokenResponse.getIdToken(); - String logoutUrl = oauth.getEndpoints().getLogoutBuilder() + String logoutUrl = oauth.logoutForm() .idTokenHint(idTokenString) .postLogoutRedirectUri(oauth.APP_AUTH_ROOT) .build(); @@ -307,7 +307,7 @@ public class LogoutTest extends AbstractKeycloakTest { AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); String idTokenString = tokenResponse.getIdToken(); - String logoutUrl = oauth.getEndpoints().getLogoutBuilder() + String logoutUrl = oauth.logoutForm() .idTokenHint(idTokenString) .postLogoutRedirectUri(oauth.APP_AUTH_ROOT) .build(); 
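Review bot: In the `@@ -175,7` hunk the negative case now relies entirely on the preceding `oauth.client("test-app-scope", "password")` to select the wrong credentials, and the reset `oauth.client("test-app", "password")` runs only when the assertion passes. If the 400 check fails, the shared client stays on `test-app-scope`, which can affect later tests unless the harness resets it (not visible here). Moving the reset into a `finally` block would contain that. The context line `assertEquals(response.getStatusCode(), 400)` also has expected and actual swapped, so a failure message would be misleading; it should read `assertEquals(400, response.getStatusCode());`.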
@@ -353,7 +353,7 @@ public class LogoutTest extends AbstractKeycloakTest { AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); AccessToken accessToken = new JWSInput(tokenResponse.getAccessToken()).readJsonContent(AccessToken.class); String idTokenString = tokenResponse.getIdToken(); - String logoutUrl = oauth.getEndpoints().getLogoutBuilder() + String logoutUrl = oauth.logoutForm() .idTokenHint(idTokenString) .postLogoutRedirectUri(oauth.APP_AUTH_ROOT) .build(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java index 4d8c7bd2487..2ee10dc748e 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java @@ -21,7 +21,6 @@ import org.jboss.arquillian.graphene.page.Page; import org.junit.Assert; import org.junit.Rule; import org.junit.Test; -import org.keycloak.OAuth2Constants; import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.ClientScopeResource; import org.keycloak.admin.client.resource.RealmResource; @@ -45,7 +44,6 @@ import org.keycloak.testsuite.pages.ErrorPage; import org.keycloak.testsuite.pages.LogoutConfirmPage; import org.keycloak.testsuite.pages.OAuthGrantPage; import org.keycloak.testsuite.util.oauth.AccessTokenResponse; -import org.keycloak.testsuite.util.oauth.AuthorizationEndpointResponse; import org.keycloak.testsuite.util.ProtocolMapperUtil; import org.keycloak.testsuite.util.AccountHelper; import org.openqa.selenium.By; 
@@ -357,8 +355,7 @@ public class OAuthGrantTest extends AbstractKeycloakTest { .client(THIRD_PARTY_APP) .assertEvent(); - String logoutUrl = oauth.getEndpoints().getLogoutBuilder().idTokenHint(res.getIdToken()).build(); - driver.navigate().to(logoutUrl); + oauth.logoutForm().idTokenHint(res.getIdToken()).open(); events.expectLogout(loginEvent.getSessionId()).client(THIRD_PARTY_APP).removeDetail(Details.REDIRECT_URI).assertEvent(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java index 73c68db20a4..78310b52fcd 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java @@ -519,7 +519,7 @@ public class OAuthRedirectUriTest extends AbstractKeycloakTest { Assert.assertEquals("Expected success, but got error: " + tokenResponse.getError(), 200, tokenResponse.getStatusCode()); - oauth.doLogout(tokenResponse.getRefreshToken(), "password"); + oauth.doLogout(tokenResponse.getRefreshToken()); } } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthScopeInTokenResponseTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthScopeInTokenResponseTest.java index 5523ec6b1d8..6514626b34d 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthScopeInTokenResponseTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthScopeInTokenResponseTest.java 
@@ -14,7 +14,6 @@ import jakarta.ws.rs.core.Response; import org.junit.Assert; import org.junit.Test; -import org.keycloak.OAuth2Constants; import org.keycloak.OAuthErrorException; import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.ClientsResource; @@ -54,7 +53,7 @@ public class OAuthScopeInTokenResponseTest extends AbstractKeycloakTest { String code = oauth.parseLoginResponse().getCode(); - expectSuccessfulResponseFromTokenEndpoint(code, expectedScope, clientSecret); + expectSuccessfulResponseFromTokenEndpoint(code, expectedScope); } @Test @@ -71,7 +70,7 @@ public class OAuthScopeInTokenResponseTest extends AbstractKeycloakTest { String code = oauth.parseLoginResponse().getCode(); - expectSuccessfulResponseFromTokenEndpoint(code, expectedScope, clientSecret); + expectSuccessfulResponseFromTokenEndpoint(code, expectedScope); } @Test @@ -106,13 +105,13 @@ public class OAuthScopeInTokenResponseTest extends AbstractKeycloakTest { oauth.scope("phone"); oauth.doLogin(loginUser, loginPassword); String code = oauth.parseLoginResponse().getCode(); - expectSuccessfulResponseFromTokenEndpoint(code, "phone", clientSecret); + expectSuccessfulResponseFromTokenEndpoint(code, "phone"); - oauth.openLogout(); + oauth.openLogoutForm(); oauth.scope(null); oauth.doLogin(loginUser, loginPassword); code = oauth.parseLoginResponse().getCode(); - expectSuccessfulResponseFromTokenEndpoint(code, "", clientSecret); + expectSuccessfulResponseFromTokenEndpoint(code, ""); for (ClientScopeRepresentation scope : scopes) { client.addDefaultClientScope(scope.getId()); @@ -173,7 +172,7 @@ public class OAuthScopeInTokenResponseTest extends AbstractKeycloakTest { String code = oauth.parseLoginResponse().getCode(); - expectSuccessfulResponseFromTokenEndpoint(code, expectedScope, clientSecret); + expectSuccessfulResponseFromTokenEndpoint(code, expectedScope); } @Test 
@@ -202,7 +201,7 @@ public class OAuthScopeInTokenResponseTest extends AbstractKeycloakTest { String code = oauth.parseLoginResponse().getCode(); - expectSuccessfulResponseFromTokenEndpoint(code, expectedScope, clientSecret); + expectSuccessfulResponseFromTokenEndpoint(code, expectedScope); // Login with 'user' scope requestedScope = "user address phone"; @@ -213,13 +212,13 @@ public class OAuthScopeInTokenResponseTest extends AbstractKeycloakTest { code = oauth.parseLoginResponse().getCode(); - expectSuccessfulResponseFromTokenEndpoint(code, expectedScope, clientSecret); + expectSuccessfulResponseFromTokenEndpoint(code, expectedScope); // Cleanup ApiUtil.findClientResourceByClientId(realmsResouce().realm("test"), "test-app").removeOptionalClientScope(userScopeId); } - private void expectSuccessfulResponseFromTokenEndpoint(String code, String expectedScope, String clientSecret) throws Exception { + private void expectSuccessfulResponseFromTokenEndpoint(String code, String expectedScope) throws Exception { AccessTokenResponse response = oauth.doAccessTokenRequest(code); assertEquals(200, response.getStatusCode()); log.info("expectedScopes = " + expectedScope); @@ -228,6 +227,6 @@ public class OAuthScopeInTokenResponseTest extends AbstractKeycloakTest { Collection receivedScopes = Arrays.asList(response.getScope().split(" ")); Assert.assertTrue(expectedScopes.containsAll(receivedScopes) && receivedScopes.containsAll(expectedScopes)); - oauth.doLogout(response.getRefreshToken(), clientSecret); + oauth.doLogout(response.getRefreshToken()); } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.java index 84b0ae7e3c9..d7ee40d24f8 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.java 
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.java @@ -320,7 +320,7 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest { assertEquals(3, multiClaim.size()); assertThat(multiClaim, containsInAnyOrder("abc", "bcd", "cde")); - oauth.idTokenHint(response.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(response.getIdToken()).open(); } // undo mappers @@ -359,7 +359,7 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest { assertNull(idToken.getOtherClaims().get("nested")); assertNull(idToken.getOtherClaims().get("department")); - oauth.idTokenHint(response.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(response.getIdToken()).open(); } @@ -417,7 +417,7 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest { } // logout - oauth.openLogout(); + oauth.openLogoutForm(); // undo mappers app = findClientByClientId(adminClient.realm("test"), "test-app"); @@ -552,7 +552,7 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest { assertNull(nulll); oauth.verifyToken(response.getAccessToken()); - oauth.idTokenHint(response.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(response.getIdToken()).open(); } // undo mappers @@ -577,7 +577,7 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest { assertNull(idToken.getOtherClaims().get("empty")); assertNull(idToken.getOtherClaims().get("null")); - oauth.idTokenHint(response.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(response.getIdToken()).open(); } events.clear(); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java index a87a06285e2..c15d535550e 100755 
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java @@ -703,7 +703,7 @@ public class OfflineTokenTest extends AbstractKeycloakTest { response = oauth.doRefreshTokenRequest(response.getRefreshToken()); assertEquals(200, response.getStatusCode()); - LogoutResponse logoutResponse = oauth.doLogout(response.getRefreshToken(), "secret1"); + LogoutResponse logoutResponse = oauth.doLogout(response.getRefreshToken()); assertTrue(logoutResponse.isSuccess()); response = oauth.doRefreshTokenRequest(response.getRefreshToken()); @@ -732,7 +732,7 @@ public class OfflineTokenTest extends AbstractKeycloakTest { assertEquals(200, offlineRefresh.getStatusCode()); // logout online session - LogoutResponse logoutResponse = oauth.scope(null).doLogout(response.getRefreshToken(), "secret1"); + LogoutResponse logoutResponse = oauth.scope(null).doLogout(response.getRefreshToken()); assertTrue(logoutResponse.isSuccess()); // assert the online session is gone @@ -778,7 +778,7 @@ public class OfflineTokenTest extends AbstractKeycloakTest { session.sessions().getOfflineUserSession(session.realms().getRealmByName("test"), offlineToken.getSessionState()).getId(), String.class); // logout offline session - LogoutResponse logoutResponse = oauth.doLogout(offlineTokenString, "secret1"); + LogoutResponse logoutResponse = oauth.doLogout(offlineTokenString); assertTrue(logoutResponse.isSuccess()); events.expectLogout(offlineUserSessionId) .client("offline-client") diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RPInitiatedLogoutTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RPInitiatedLogoutTest.java index 74340f23129..08d6bf64d0b 100644 
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RPInitiatedLogoutTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RPInitiatedLogoutTest.java @@ -141,8 +141,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { String idTokenString = tokenResponse.getIdToken(); - String logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(redirectUri).idTokenHint(idTokenString).build(); - driver.navigate().to(logoutUrl); + oauth.logoutForm().postLogoutRedirectUri(redirectUri).idTokenHint(idTokenString).open(); events.expectLogout(sessionId).detail(Details.REDIRECT_URI, redirectUri).assertEvent(); MatcherAssert.assertThat(false, is(isSessionActive(sessionId))); @@ -155,8 +154,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { assertNotEquals(sessionId, sessionId2); // Test also "state" parameter is included in the URL after logout. Make sure to use idTokenHint from the last login to match with current browser session - logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(redirectUri).idTokenHint(idTokenString).state("something").build(); - driver.navigate().to(logoutUrl); + oauth.logoutForm().postLogoutRedirectUri(redirectUri).idTokenHint(idTokenString).state("something").open(); events.expectLogout(sessionId2).detail(Details.REDIRECT_URI, redirectUri).assertEvent(); MatcherAssert.assertThat(false, is(isSessionActive(sessionId2))); assertCurrentUrlEquals(redirectUri + "&state=something"); 
@@ -175,8 +173,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { String idTokenString = tokenResponse.getIdToken(); try { - String logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(redirectUri).idTokenHint(idTokenString).build(); - driver.navigate().to(logoutUrl); + oauth.logoutForm().postLogoutRedirectUri(redirectUri).idTokenHint(idTokenString).open(); events.expectLogout(sessionId).detail(Details.REDIRECT_URI, redirectUri).assertEvent(); MatcherAssert.assertThat(false, is(isSessionActive(sessionId))); @@ -189,8 +186,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { assertNotEquals(sessionId, sessionId2); // Test also "state" parameter is included in the URL after logout. Make sure to use idTokenHint from the last login to match with current browser session - logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(redirectUri).idTokenHint(idTokenString).state("something").build(); - driver.navigate().to(logoutUrl); + oauth.logoutForm().postLogoutRedirectUri(redirectUri).idTokenHint(idTokenString).state("something").open(); events.expectLogout(sessionId2).detail(Details.REDIRECT_URI, redirectUri).assertEvent(); MatcherAssert.assertThat(false, is(isSessionActive(sessionId2))); assertCurrentUrlEquals(redirectUri + "&state=something"); @@ -209,8 +205,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { String idTokenString = tokenResponse.getIdToken(); - String logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(redirectUri).idTokenHint(idTokenString).build(); - driver.navigate().to(logoutUrl); + oauth.logoutForm().postLogoutRedirectUri(redirectUri).idTokenHint(idTokenString).open(); events.expectLogout(sessionId).detail(Details.REDIRECT_URI, redirectUri).assertEvent(); MatcherAssert.assertThat(false, is(isSessionActive(sessionId))); 
@@ -225,8 +220,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { assertNotEquals(sessionId, sessionId2); // Using idTokenHint of the 1st session. Logout confirmation is needed in such case. Test also "state" parameter is included in the URL after logout - logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(redirectUri).idTokenHint(idTokenString).state("something").build(); - driver.navigate().to(logoutUrl); + oauth.logoutForm().postLogoutRedirectUri(redirectUri).idTokenHint(idTokenString).state("something").open(); logoutConfirmPage.assertCurrent(); logoutConfirmPage.confirmLogout(); events.expectLogoutError(Errors.SESSION_EXPIRED); @@ -247,8 +241,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { // expire online user session setTimeOffset(9999); - String logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(idTokenString).build(); - driver.navigate().to(logoutUrl); + oauth.logoutForm().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(idTokenString).open(); // should not throw an internal server error. But no logout event is sent as nothing was logged-out appPage.assertCurrent(); @@ -288,8 +281,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { loginPage.login(testUsername, testUserPassword); //log out - String logoutUrl = oauth.getEndpoints().getLogoutBuilder().build(); - driver.navigate().to(logoutUrl); + oauth.openLogoutForm(); logoutConfirmPage.assertCurrent(); logoutConfirmPage.confirmLogout(); 
@@ -312,8 +304,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { MatcherAssert.assertThat(false, is(isSessionActive(sessionId))); // Try logout even if user already logged-out by admin. Should redirect back to the application, but no logout-event should be triggered - String logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(idTokenString).build(); - driver.navigate().to(logoutUrl); + oauth.logoutForm().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(idTokenString).open(); events.expectLogoutError(Errors.SESSION_EXPIRED); assertCurrentUrlEquals(APP_REDIRECT_URI); @@ -322,9 +313,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { String sessionId2 = tokenResponse.getSessionState(); idTokenString = tokenResponse.getIdToken(); assertNotEquals(sessionId, sessionId2); - logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(idTokenString).build(); - - driver.navigate().to(logoutUrl); + oauth.logoutForm().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(idTokenString).open(); events.expectLogout(sessionId2).detail(Details.REDIRECT_URI, APP_REDIRECT_URI).assertEvent(); MatcherAssert.assertThat(false, is(isSessionActive(sessionId2))); } @@ -348,7 +337,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { AccessTokenResponse tokenResponse = loginUser(); String accessToken = tokenResponse.getAccessToken(); - driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(accessToken).build()); + oauth.logoutForm().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(accessToken).open(); events.expectLogoutError(OAuthErrorException.INVALID_TOKEN).assertEvent(); 
@@ -364,7 +353,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { // Logout should succeed with expired ID token, see KEYCLOAK-3399 setTimeOffset(60 * 60 * 24); - String logoutUrl = oauth.getEndpoints().getLogoutBuilder() + String logoutUrl = oauth.logoutForm() .idTokenHint(idTokenString) .postLogoutRedirectUri(APP_REDIRECT_URI) .build(); @@ -387,7 +376,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { adminClient.realm("test").logoutAll(); // Logout with HTTP client. Logout should succeed with user already logged out, see KEYCLOAK-3399. But no logout event should be present - String logoutUrl = oauth.getEndpoints().getLogoutBuilder() + String logoutUrl = oauth.logoutForm() .idTokenHint(idTokenString) .postLogoutRedirectUri(APP_REDIRECT_URI) .build(); @@ -409,8 +398,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { AccessTokenResponse tokenResponse = loginUser(); // Logout with "redirect_uri" parameter alone should fail - String logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(APP_REDIRECT_URI).build(); - driver.navigate().to(logoutUrl); + oauth.logoutForm().postLogoutRedirectUri(APP_REDIRECT_URI).open(); errorPage.assertCurrent(); events.expectLogoutError(OAuthErrorException.INVALID_REQUEST).assertEvent(); @@ -425,7 +413,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { String idTokenString = tokenResponse.getIdToken(); // Completely invalid redirect uri - driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri("https://invalid").idTokenHint(idTokenString).build()); + oauth.logoutForm().postLogoutRedirectUri("https://invalid").idTokenHint(idTokenString).open(); errorPage.assertCurrent(); events.expectLogoutError(OAuthErrorException.INVALID_REDIRECT_URI) .client(AssertEvents.DEFAULT_CLIENT_ID) 
@@ -434,7 +422,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { // Redirect uri of different client in the realm should fail as well String rootUrlClientRedirectUri = UriUtils.getOrigin(APP_REDIRECT_URI) + "/foo/bar"; - driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(rootUrlClientRedirectUri).idTokenHint(idTokenString).build()); + oauth.logoutForm().postLogoutRedirectUri(rootUrlClientRedirectUri).idTokenHint(idTokenString).open(); errorPage.assertCurrent(); events.expectLogoutError(OAuthErrorException.INVALID_REDIRECT_URI) .client(AssertEvents.DEFAULT_CLIENT_ID) @@ -453,13 +441,13 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { // Removed signature from id_token_hint String idTokenHint = idTokenString.substring(0, idTokenString.lastIndexOf(".")); - driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(idTokenHint).build()); + oauth.logoutForm().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(idTokenHint).open(); errorPage.assertCurrent(); events.expectLogoutError(OAuthErrorException.INVALID_TOKEN).removeDetail(Details.REDIRECT_URI).assertEvent(); // Invalid signature idTokenHint = idTokenHint + ".something"; - driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(idTokenHint).build()); + oauth.logoutForm().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(idTokenHint).open(); errorPage.assertCurrent(); events.expectLogoutError(OAuthErrorException.INVALID_TOKEN).removeDetail(Details.REDIRECT_URI).assertEvent(); 
@@ -472,8 +460,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { @Test public void logoutWithoutIdTokenHintWithoutPostLogoutRedirectUri() { AccessTokenResponse tokenResponse = loginUser(); - - driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().build()); + oauth.logoutForm().open(); // Assert logout confirmation page. Session still exists logoutConfirmPage.assertCurrent(); @@ -501,7 +488,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { public void logoutWithIdTokenHintWithoutPostLogoutRedirectUri() { AccessTokenResponse tokenResponse = loginUser(); - driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().idTokenHint(tokenResponse.getIdToken()).build()); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).open(); // Info page present. Link "back to the application" present infoPage.assertCurrent(); @@ -521,7 +508,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { public void logoutExpiredConfirmationAction() { AccessTokenResponse tokenResponse = loginUser(); - driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().build()); + oauth.openLogoutForm(); // Assert logout confirmation page. Session still exists logoutConfirmPage.assertCurrent(); @@ -552,7 +539,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { public void logoutExpiredConfirmationAuthSession() { AccessTokenResponse tokenResponse = loginUser(); - driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().build()); + oauth.openLogoutForm(); // Assert logout confirmation page. Session still exists logoutConfirmPage.assertCurrent(); 
@@ -582,7 +569,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { public void logoutExpiredConfirmationAuthSessionWithClient() { AccessTokenResponse tokenResponse = loginUser(); - driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().clientId("test-app").build()); + oauth.logoutForm().withClientId().open(); // Assert logout confirmation page. Session still exists logoutConfirmPage.assertCurrent(); @@ -610,8 +597,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { AccessTokenResponse tokenResponse = loginUser(true); String idTokenString = tokenResponse.getIdToken(); - String logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(idTokenString).state("somethingg").build(); - driver.navigate().to(logoutUrl); + oauth.logoutForm().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(idTokenString).state("somethingg").open(); // Logout confirmation page not shown as id_token_hint was included. // Redirected back to the application with expected "state" @@ -630,8 +616,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { try (RealmAttributeUpdater updater = new RealmAttributeUpdater(testRealm()).addSupportedLocale("cs").update()) { AccessTokenResponse tokenResponse = loginUser(false); - String logoutUrl = oauth.getEndpoints().getLogoutBuilder().clientId("test-app").uiLocales("cs").build(); - driver.navigate().to(logoutUrl); + oauth.logoutForm().withClientId().uiLocales("cs").open(); // Assert logout confirmation page. Session still exists. Assert czech language on logout page Assert.assertEquals("Odhlašování", PageUtils.getPageTitle(driver)); // Logging out 
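Review bot: The `@@ -582,7` hunk replaces `.clientId("test-app")` with `.withClientId()`, so the client whose logout is being tested is no longer stated in the test. The builder presumably takes the id from the current `oauth` configuration, but that is defined outside this hunk. Since these cases assert client-specific behaviour (confirmation page, redirect to that client's URI), a short comment would keep the intent readable, for example `// client_id comes from the configured oauth client (test-app)`. The same applies to the `withClientId()` calls in `@@ -630,8`, `@@ -657,7`, `@@ -685,13`, `@@ -712,12` and `@@ -725,11`.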
@@ -657,7 +642,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { AccessTokenResponse tokenResponse = loginUser(); String idTokenString = tokenResponse.getIdToken(); - driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().clientId("test-app").build()); + oauth.logoutForm().withClientId().open(); // Assert logout confirmation page. Session still exists logoutConfirmPage.assertCurrent(); @@ -685,13 +670,11 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { AccessTokenResponse tokenResponse = loginUser(); // logout url with no parameters, client is the account app - String logoutUrl = oauth.getEndpoints().getLogoutBuilder().build(); - driver.navigate().to(logoutUrl); + oauth.openLogoutForm(); logoutConfirmPage.assertCurrent(); // change logout to our app with redirect uri - logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(APP_REDIRECT_URI).clientId("test-app").state("somethingg").build(); - driver.navigate().to(logoutUrl); + oauth.logoutForm().postLogoutRedirectUri(APP_REDIRECT_URI).state("somethingg").withClientId().open(); // Assert logout confirmation page as id_token_hint was not sent. Session still exists. Assert default language on logout page (English) logoutConfirmPage.assertCurrent(); 
@@ -712,12 +695,11 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { AccessTokenResponse tokenResponse = loginUser(); // Test logout with all of "client_id", "id_token_hint" and "post_logout_redirect_uri". Logout should work without confirmation - String logoutUrl = oauth.getEndpoints().getLogoutBuilder() + oauth.logoutForm() .postLogoutRedirectUri(APP_REDIRECT_URI) - .clientId("test-app") .idTokenHint(tokenResponse.getIdToken()) - .state("somethingg").build(); - driver.navigate().to(logoutUrl); + .withClientId() + .state("somethingg").open(); // Logout done and redirected back to the application with expected "state" events.expectLogout(tokenResponse.getSessionState()).assertEvent(); @@ -725,11 +707,10 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { assertCurrentUrlEquals(APP_REDIRECT_URI + "?state=somethingg"); // Test logout only with "client_id" and "post_logout_redirect_uri". Should automatically redirect as there is no logout (No active browser session) - logoutUrl = oauth.getEndpoints().getLogoutBuilder() + oauth.logoutForm() .postLogoutRedirectUri(APP_REDIRECT_URI) - .clientId("test-app") - .state("something2").build(); - driver.navigate().to(logoutUrl); + .withClientId() + .state("something2").open(); events.assertEmpty(); assertCurrentUrlEquals(APP_REDIRECT_URI + "?state=something2"); 
@@ -785,11 +766,10 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { AccessTokenResponse tokenResponse = loginUser(); // Case when client_id points to different client than ID Token. - String logoutUrl = oauth.getEndpoints().getLogoutBuilder() + oauth.client("third-party").logoutForm() .postLogoutRedirectUri(APP_REDIRECT_URI) - .clientId("third-party") - .idTokenHint(tokenResponse.getIdToken()).build(); - driver.navigate().to(logoutUrl); + .withClientId() + .idTokenHint(tokenResponse.getIdToken()).open(); errorPage.assertCurrent(); Assert.assertEquals("Invalid parameter: id_token_hint", errorPage.getError()); @@ -798,10 +778,10 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { MatcherAssert.assertThat(true, is(isSessionActive(tokenResponse.getSessionState()))); // Case when client_id is non-existing client and redirect uri of different client is used - logoutUrl = oauth.getEndpoints().getLogoutBuilder() + oauth.client("non-existing").logoutForm() .postLogoutRedirectUri(APP_REDIRECT_URI) - .clientId("non-existing").build(); - driver.navigate().to(logoutUrl); + .withClientId() + .open(); errorPage.assertCurrent(); Assert.assertEquals("Invalid redirect uri", errorPage.getError()); @@ -810,9 +790,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { MatcherAssert.assertThat(true, is(isSessionActive(tokenResponse.getSessionState()))); // Case when client_id is non-existing client. Confirmation is needed. - logoutUrl = oauth.getEndpoints().getLogoutBuilder() - .clientId("non-existing").build(); - driver.navigate().to(logoutUrl); + oauth.client("non-existing").logoutForm().withClientId().open(); logoutConfirmPage.assertCurrent(); logoutConfirmPage.confirmLogout(); 
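Review bot: `oauth.client("third-party")` and `oauth.client("non-existing")` reconfigure the shared `oauth` instance, where the old code passed the id only to a throwaway URL builder, and nothing in this hunk sets it back. After the third case the instance is still configured as `non-existing`, so any later `withClientId()` or token request in this method (it continues past the hunk) would send that id. Other tests would be affected too unless the base class re-initialises `oauth` between tests, which is not visible here. Restoring the default after the last case, e.g. `oauth.client("test-app", "password");` (assuming that is this test's default client, as the other hunks suggest), keeps these negative cases from leaking into whatever follows.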
@@ -848,7 +826,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { postParams.put(OIDCLoginProtocol.POST_LOGOUT_REDIRECT_URI_PARAM, redirectUri); postParams.put(OIDCLoginProtocol.ID_TOKEN_HINT, idTokenString); postParams.put(OAuth2Constants.STATE, "my-state"); - URLUtils.sendPOSTRequestWithWebDriver(oauth.getEndpoints().getLogoutBuilder().build(), postParams); + URLUtils.sendPOSTRequestWithWebDriver(oauth.getEndpoints().getLogout(), postParams); events.expectLogout(tokenResponse.getSessionState()).detail(Details.REDIRECT_URI, redirectUri).assertEvent(); MatcherAssert.assertThat(false, is(isSessionActive(sessionId))); @@ -863,7 +841,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { postParams.put(OAuth2Constants.CLIENT_ID, "test-app"); postParams.put(OAuth2Constants.STATE, "my-state-2"); postParams.put(OIDCLoginProtocol.UI_LOCALES_PARAM, "cs"); - URLUtils.sendPOSTRequestWithWebDriver(oauth.getEndpoints().getLogoutBuilder().build(), postParams); + URLUtils.sendPOSTRequestWithWebDriver(oauth.getEndpoints().getLogout(), postParams); Assert.assertEquals("Odhlašování", PageUtils.getPageTitle(driver)); // Logging out Assert.assertEquals("Čeština", logoutConfirmPage.getLanguageDropdownText()); 
@@ -884,12 +862,12 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { // Set localization to the user account to "cs". Ensure that it is shown try (UserAttributeUpdater userUpdater = UserAttributeUpdater.forUserByUsername(testRealm(), "test-user@localhost").setAttribute(UserModel.LOCALE, "cs").update()) { - driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().build()); + oauth.openLogoutForm(); Assert.assertEquals("Odhlašování", PageUtils.getPageTitle(driver)); // Logging out Assert.assertEquals("Čeština", logoutConfirmPage.getLanguageDropdownText()); // Set localization together with ui_locales param. User localization should have preference - driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().uiLocales("de").build()); + oauth.logoutForm().uiLocales("de").open(); Assert.assertEquals("Odhlašování", PageUtils.getPageTitle(driver)); // Logging out Assert.assertEquals("Čeština", logoutConfirmPage.getLanguageDropdownText()); } @@ -897,7 +875,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { UserAttributeUpdater.forUserByUsername(testRealm(), "test-user@localhost").removeAttribute(UserModel.LOCALE).update(); // Removed localization from user account. Now localization set by ui_locales parameter should be used - driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().uiLocales("de").build()); + oauth.logoutForm().uiLocales("de").open(); Assert.assertEquals("Abmelden", PageUtils.getPageTitle(driver)); // Logging out Assert.assertEquals("Deutsch", logoutConfirmPage.getLanguageDropdownText()); logoutConfirmPage.confirmLogout(); 
@@ -906,7 +884,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { // Remove ui_locales from logout request. Default locale should be set tokenResponse = loginUser(); - driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().build()); + oauth.logoutForm().open(); Assert.assertEquals("Logging out", PageUtils.getPageTitle(driver)); Assert.assertEquals("English", logoutConfirmPage.getLanguageDropdownText()); logoutConfirmPage.confirmLogout(); @@ -922,7 +900,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { AccessTokenResponse tokenResponse = loginUser(); // Display the logout page. Then change the localization to Czech, then back to english and then and logout - driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().build()); + oauth.openLogoutForm(); logoutConfirmPage.assertCurrent(); logoutConfirmPage.openLanguage("Čeština"); @@ -948,10 +926,10 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { // Display logout with ui_locales parameter set to "de" tokenResponse = loginUser(); - driver.navigate().to(oauth.getEndpoints().getLogoutBuilder() - .clientId("test-app") + oauth.logoutForm() + .withClientId() .uiLocales("de") - .build()); + .open(); Assert.assertEquals("Abmelden", PageUtils.getPageTitle(driver)); // Logging out Assert.assertEquals("Deutsch", logoutConfirmPage.getLanguageDropdownText()); @@ -991,7 +969,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { AccessTokenResponse tokenResponse = loginUser(); // Display the logout page. Then change the localization to Czech and logout - driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().uiLocales("de").build()); + oauth.logoutForm().uiLocales("de").open(); Assert.assertEquals("Abmelden", PageUtils.getPageTitle(driver)); // Logging out logoutConfirmPage.openLanguage("English"); 
@@ -1019,8 +997,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { try (Closeable accountClientUpdater = ClientAttributeUpdater.forClient(adminClient, "test", oauth.getClientId()) .setEnabled(false).update()) { - String logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(APP_REDIRECT_URI).clientId("test-app").build(); - driver.navigate().to(logoutUrl); + oauth.logoutForm().postLogoutRedirectUri(APP_REDIRECT_URI).withClientId().open(); MatcherAssert.assertThat(true, is(isSessionActive(tokenResponse.getSessionState()))); events.assertEmpty(); @@ -1041,8 +1018,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { try (Closeable accountClientUpdater = ClientAttributeUpdater.forClient(adminClient, "test", Constants.ACCOUNT_MANAGEMENT_CLIENT_ID) .setEnabled(false) .update()) { - String logoutUrl = oauth.getEndpoints().getLogoutBuilder().build(); - driver.navigate().to(logoutUrl); + oauth.openLogoutForm(); events.assertEmpty(); logoutConfirmPage.assertCurrent(); @@ -1071,8 +1047,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { // Remove client after login of user testRealm().clients().get(uuid).remove(); - String logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(tokenResponse.getIdToken()).build(); - driver.navigate().to(logoutUrl); + oauth.logoutForm().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(tokenResponse.getIdToken()).open(); // Invalid redirect URI page is shown. It was not possible to verify post_logout_redirect_uri due the client was removed errorPage.assertCurrent(); 
@@ -1116,8 +1091,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { AccessTokenResponse tokenResponse = loginUser(); - String logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(postLogoutRedirectUri).clientId("test-app").build(); - driver.navigate().to(logoutUrl); + oauth.logoutForm().postLogoutRedirectUri(postLogoutRedirectUri).withClientId().open(); // Assert logout confirmation page as id_token_hint was not sent. Session still exists. Assert default language on logout page (English) logoutConfirmPage.assertCurrent(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java index 16469da807d..faec99516e6 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java @@ -1063,7 +1063,7 @@ public class RefreshTokenTest extends AbstractKeycloakTest { public void refreshTokenAfterUserLogoutAndLoginAgain() { String refreshToken1 = loginAndForceNewLoginPage(); - oauth.doLogout(refreshToken1, "password"); + oauth.doLogout(refreshToken1); events.clear(); try { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java index 0030c882625..832eb9c0a09 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java 
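Review bot: In refreshTokenAfterUserLogoutAndLoginAgain the result of `oauth.doLogout(refreshToken1)` is discarded and `events.clear()` follows immediately, so a rejected logout would leave no trace. The credentials are no longer passed at the call site and presumably come from whatever is configured on `oauth`, so a mismatch would leave the test exercising a session that was never ended. Checking the response, `assertTrue(oauth.doLogout(refreshToken1).isSuccess());`, as the ServiceAccountTest hunks do, pins the precondition. The same applies to the TokenIntrospectionTest hunk at -226. The method body continues outside the hunk.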
@@ -444,7 +444,7 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT .detail(Details.CLIENT_AUTH_METHOD, ClientIdAndSecretAuthenticator.PROVIDER_ID) .assertEvent(); - LogoutResponse logoutResponse = oauth.doLogout(response.getRefreshToken(), "secret"); + LogoutResponse logoutResponse = oauth.doLogout(response.getRefreshToken()); assertTrue(logoutResponse.isSuccess()); events.expectLogout(accessToken.getSessionState()).client("resource-owner").removeDetail(Details.REDIRECT_URI).assertEvent(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ServiceAccountTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ServiceAccountTest.java index 0c90d097e84..4c92310f3f8 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ServiceAccountTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ServiceAccountTest.java @@ -228,7 +228,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest { .detail(Details.CLIENT_AUTH_METHOD, ClientIdAndSecretAuthenticator.PROVIDER_ID) .assertEvent(); - LogoutResponse logoutResponse = oauth.doLogout(response.getRefreshToken(), "secret1"); + LogoutResponse logoutResponse = oauth.doLogout(response.getRefreshToken()); assertTrue(logoutResponse.isSuccess()); events.expectLogout(accessToken.getSessionState()) .client("service-account-cl-refresh-on") @@ -531,7 +531,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest { assertEquals(200, response.getStatusCode()); assertEquals("service-account-service-account-cl-refresh-on", info.getPreferredUsername()); - LogoutResponse logoutResponse = oauth.doLogout(response.getRefreshToken(), "secret1"); + LogoutResponse logoutResponse = oauth.doLogout(response.getRefreshToken()); assertTrue(logoutResponse.isSuccess()); } 
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenEndpointCorsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenEndpointCorsTest.java index 4b0f83ff157..00eef1b1808 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenEndpointCorsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenEndpointCorsTest.java @@ -5,7 +5,6 @@ import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpOptions; import org.junit.Rule; import org.junit.Test; -import org.keycloak.OAuth2Constants; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.services.cors.Cors; import org.keycloak.testsuite.AbstractKeycloakTest; @@ -89,7 +88,7 @@ public class TokenEndpointCorsTest extends AbstractKeycloakTest { oauth.origin(VALID_CORS_URL); // No session - oauth.idTokenHint(response.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(response.getIdToken()).open(); response = oauth.doRefreshTokenRequest(response.getRefreshToken()); assertEquals(400, response.getStatusCode()); assertCors(response); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenIntrospectionTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenIntrospectionTest.java index 6762680a066..15f403a35cf 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenIntrospectionTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenIntrospectionTest.java 
@@ -226,7 +226,7 @@ public class TokenIntrospectionTest extends AbstractTestRealmKeycloakTest { AccessTokenResponse accessTokenResponse = loginAndForceNewLoginPage(); String refreshToken1 = accessTokenResponse.getRefreshToken(); - oauth.doLogout(refreshToken1, "password"); + oauth.doLogout(refreshToken1); events.clear(); setTimeOffset(2); @@ -395,7 +395,7 @@ public class TokenIntrospectionTest extends AbstractTestRealmKeycloakTest { oauth.doLogin("test-user@localhost", "password"); String code = oauth.parseLoginResponse().getCode(); AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(code); - oauth.doLogout(accessTokenResponse.getRefreshToken(), "password"); + oauth.doLogout(accessTokenResponse.getRefreshToken()); oauth.client("confidential-cli", "secret1"); TokenMetadataRepresentation rep = oauth.doIntrospectionAccessTokenRequest(accessTokenResponse.getAccessToken()).asTokenMetadata(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenRevocationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenRevocationTest.java index 292c5563f26..29d603d0511 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenRevocationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenRevocationTest.java @@ -273,7 +273,7 @@ public class TokenRevocationTest extends AbstractKeycloakTest { isTokenEnabled(tokenResponse, "test-app"); - oauth.doLogout(tokenResponse.getRefreshToken(), "password"); + oauth.doLogout(tokenResponse.getRefreshToken()); isTokenDisabled(tokenResponse, "test-app"); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/hok/HoKTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/hok/HoKTest.java index 766037a2b86..5c06ff9cd3a 100644 
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/hok/HoKTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/hok/HoKTest.java @@ -562,7 +562,7 @@ public class HoKTest extends AbstractTestRealmKeycloakTest { LogoutResponse response = null; try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithDefaultKeyStoreAndTrustStore()) { oauth.httpClient().set(client); - response = oauth.doLogout(refreshTokenString, "password"); + response = oauth.doLogout(refreshTokenString); } catch (IOException ioe) { throw new RuntimeException(ioe); } finally { @@ -581,7 +581,7 @@ public class HoKTest extends AbstractTestRealmKeycloakTest { LogoutResponse response = null; try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithoutKeyStoreAndTrustStore()) { oauth.httpClient().set(client); - response = oauth.doLogout(refreshTokenString, "password"); + response = oauth.doLogout(refreshTokenString); } catch (IOException ioe) { throw new RuntimeException(ioe); } finally { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/par/ParTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/par/ParTest.java index ee222e9f451..a4e3a627156 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/par/ParTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/par/ParTest.java 
@@ -204,7 +204,7 @@ public class ParTest extends AbstractClientPoliciesTest { assertEquals(findUserByUsername(adminClient.realm(REALM_NAME), TEST_USER_NAME).getId(), refreshedToken.getSubject()); // Logout - oauth.doLogout(refreshResponse.getRefreshToken(), clientSecret); + oauth.doLogout(refreshResponse.getRefreshToken()); refreshResponse = oauth.doRefreshTokenRequest(refreshResponse.getRefreshToken()); assertEquals(400, refreshResponse.getStatusCode()); @@ -283,7 +283,7 @@ public class ParTest extends AbstractClientPoliciesTest { assertEquals(findUserByUsername(adminClient.realm(REALM_NAME), TEST_USER_NAME).getId(), refreshedToken.getSubject()); // Logout - oauth.doLogout(refreshResponse.getRefreshToken(), clientSecret); + oauth.doLogout(refreshResponse.getRefreshToken()); refreshResponse = oauth.doRefreshTokenRequest(refreshResponse.getRefreshToken()); assertEquals(400, refreshResponse.getStatusCode()); @@ -656,7 +656,7 @@ public class ParTest extends AbstractClientPoliciesTest { assertTrue(token.getScope().contains("profile")); // Logout - oauth.doLogout(res.getRefreshToken(), clientSecret); // same oauth instance is used so that this logout is needed to send authz request consecutively. + oauth.doLogout(res.getRefreshToken()); // same oauth instance is used so that this logout is needed to send authz request consecutively. // Authorization Request with request_uri of PAR #1 // remove parameters as query strings of uri @@ -714,7 +714,7 @@ public class ParTest extends AbstractClientPoliciesTest { assertEquals(OIDCLoginProtocol.CLIENT_SECRET_BASIC, oidcC2Rep.getTokenEndpointAuthMethod()); // Pushed Authorization Request #1 - oauth.clientId(clientId); + oauth.client(clientId, clientSecret); oauth.redirectUri(CLIENT_REDIRECT_URI); ParResponse pResp = oauth.doPushedAuthorizationRequest(clientId, clientSecret); assertEquals(201, pResp.getStatusCode()); 
@@ -758,7 +758,7 @@ public class ParTest extends AbstractClientPoliciesTest { assertTrue(token.getScope().contains("profile")); // Logout - oauth.doLogout(res.getRefreshToken(), client2Secret); // same oauth instance is used so that this logout is needed to send authz request consecutively. + oauth.doLogout(res.getRefreshToken()); // same oauth instance is used so that this logout is needed to send authz request consecutively. // Authorization Request with request_uri of PAR #1 // remove parameters as query strings of uri @@ -1300,7 +1300,7 @@ public class ParTest extends AbstractClientPoliciesTest { assertEquals(findUserByUsername(adminClient.realm(REALM_NAME), TEST_USER_NAME).getId(), refreshedToken.getSubject()); // Logout - oauth.doLogout(refreshResponse.getRefreshToken(), clientSecret); + oauth.doLogout(refreshResponse.getRefreshToken()); refreshResponse = oauth.doRefreshTokenRequest(refreshResponse.getRefreshToken()); assertEquals(400, refreshResponse.getStatusCode()); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/tokenexchange/AbstractSubjectImpersonationTokenExchangeTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/tokenexchange/AbstractSubjectImpersonationTokenExchangeTest.java index f0927e15a66..e66db028e55 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/tokenexchange/AbstractSubjectImpersonationTokenExchangeTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/tokenexchange/AbstractSubjectImpersonationTokenExchangeTest.java 
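Review bot: The logout at -758 used to authenticate with `client2Secret`, but the only client configuration visible in this change is `oauth.client(clientId, clientSecret)` in the -714 hunk, which sets up the first client. Unless the unchanged lines in between configure the second client's secret on `oauth`, this call would now go out with the wrong credentials. Its result is ignored, so the test would carry on with the session still active. Worth confirming, and asserting the outcome with `assertTrue(oauth.doLogout(res.getRefreshToken()).isSuccess());`. The test method starts and ends outside both hunks.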
@@ -45,7 +45,6 @@ import org.keycloak.testsuite.util.AdminClientUtil; import org.keycloak.testsuite.util.oauth.AuthorizationEndpointResponse; import org.keycloak.testsuite.util.oauth.OAuthClient; import org.keycloak.util.BasicAuthHelper; -import org.keycloak.util.JsonSerialization; import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.instanceOf; @@ -368,7 +367,7 @@ public abstract class AbstractSubjectImpersonationTokenExchangeTest extends Abst )); org.junit.Assert.assertEquals(Response.Status.FORBIDDEN.getStatusCode(), response.getStatus()); - oauth.idTokenHint(tokenResponse.getIdToken()).openLogout(); + oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).open(); oauth.client("direct-public", "secret"); authzResponse = oauth.doLogin("user", "password"); tokenResponse = oauth.doAccessTokenRequest(authzResponse.getCode()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/tokenexchange/StandardTokenExchangeV1Test.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/tokenexchange/StandardTokenExchangeV1Test.java index 5d0abb2e390..9bcb661e9c2 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/tokenexchange/StandardTokenExchangeV1Test.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/tokenexchange/StandardTokenExchangeV1Test.java 
@@ -476,9 +476,8 @@ public class StandardTokenExchangeV1Test extends AbstractKeycloakTest { String code = oauth.parseLoginResponse().getCode(); AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); String idTokenString = tokenResponse.getIdToken(); - String logoutUrl = oauth.getEndpoints().getLogoutBuilder().idTokenHint(idTokenString) - .postLogoutRedirectUri(oauth.APP_AUTH_ROOT).build(); - driver.navigate().to(logoutUrl); + oauth.logoutForm().idTokenHint(idTokenString) + .postLogoutRedirectUri(oauth.APP_AUTH_ROOT).open(); logoutToken = testingClient.testApp().getBackChannelRawLogoutToken(); Assert.assertNotNull(logoutToken); AccessTokenResponse response = oauth.doTokenExchange(logoutToken, "target", "direct-legal", "secret"); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/AcrAuthFlowTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/AcrAuthFlowTest.java index fd230888c72..f140429a711 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/AcrAuthFlowTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/AcrAuthFlowTest.java @@ -445,7 +445,7 @@ public class AcrAuthFlowTest extends AbstractOIDCScopeTest{ */ private void logout(String userId, Tokens tokens){ // Logout - oauth.doLogout(tokens.refreshToken, CLIENT_SECRET); + oauth.doLogout(tokens.refreshToken); events.expectLogout(tokens.idToken.getSessionState()) .client(CLIENT_ID) .user(userId) diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/AuthenticationMethodReferenceTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/AuthenticationMethodReferenceTest.java index 6867175ac43..86320c9f479 100644 
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/AuthenticationMethodReferenceTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/AuthenticationMethodReferenceTest.java @@ -477,7 +477,7 @@ public class AuthenticationMethodReferenceTest extends AbstractOIDCScopeTest{ */ private void logout(String userId, Tokens tokens){ // Logout - oauth.doLogout(tokens.refreshToken, CLIENT_SECRET); + oauth.doLogout(tokens.refreshToken); events.expectLogout(tokens.idToken.getSessionState()) .client(CLIENT_ID) .user(userId) diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/LightWeightAccessTokenTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/LightWeightAccessTokenTest.java index e77c8358725..3f67a93a45c 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/LightWeightAccessTokenTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/LightWeightAccessTokenTest.java @@ -330,7 +330,7 @@ public class LightWeightAccessTokenTest extends AbstractClientPoliciesTest { oauth.client(TEST_CLIENT, TEST_CLIENT_SECRET); deletePolicy(POLICY_NAME); - oauth.doLogout(tokenResponse.getRefreshToken(), TEST_CLIENT_SECRET); + oauth.doLogout(tokenResponse.getRefreshToken()); authsEndpointResponse = oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD); tokenResponse = oauth.doAccessTokenRequest(authsEndpointResponse.getCode()); 
@@ -397,7 +397,7 @@ public class LightWeightAccessTokenTest extends AbstractClientPoliciesTest { oauth.client(TEST_CLIENT, TEST_CLIENT_SECRET); alwaysUseLightWeightAccessToken(false); - oauth.doLogout(tokenResponse.getRefreshToken(), TEST_CLIENT_SECRET); + oauth.doLogout(tokenResponse.getRefreshToken()); authsEndpointResponse = oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD); tokenResponse = oauth.doAccessTokenRequest(authsEndpointResponse.getCode()); @@ -458,7 +458,7 @@ public class LightWeightAccessTokenTest extends AbstractClientPoliciesTest { oauth.client(TEST_CLIENT, TEST_CLIENT_SECRET); alwaysUseLightWeightAccessToken(false); - oauth.doLogout(tokenResponse.getRefreshToken(), TEST_CLIENT_SECRET); + oauth.doLogout(tokenResponse.getRefreshToken()); authsEndpointResponse = oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCAdvancedRequestParamsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCAdvancedRequestParamsTest.java index 62a62077595..2ff719488cd 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCAdvancedRequestParamsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCAdvancedRequestParamsTest.java @@ -1328,7 +1328,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest client.close(); } - oauth.doLogout(accessTokenResponse.getRefreshToken(), "password"); + oauth.doLogout(accessTokenResponse.getRefreshToken()); events.expectLogout(accessTokenResponse.getSessionState()).client("test-app").clearDetails().assertEvent(); 
@@ -1412,8 +1412,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest String code = oauth.parseLoginResponse().getCode(); String idTokenHint = oauth.doAccessTokenRequest(code).getIdToken(); - oauth.idTokenHint(idTokenHint); - oauth.openLogout(); + oauth.logoutForm().idTokenHint(idTokenHint).open(); oauth = oauth.request(createEncryptedRequestObject(RSA_OAEP_256)); oauth.doLogin("test-user@localhost", "password"); assertTrue(appPage.isCurrent()); @@ -1452,8 +1451,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest String code = oauth.parseLoginResponse().getCode(); String idTokenHint = oauth.doAccessTokenRequest(code).getIdToken(); - oauth.idTokenHint(idTokenHint); - oauth.openLogout(); + oauth.logoutForm().idTokenHint(idTokenHint).open(); oauth = oauth.request(createEncryptedRequestObject(RSA_OAEP_256)); oauth.doLogin("test-user@localhost", "password"); assertTrue(appPage.isCurrent()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCDynamicScopeTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCDynamicScopeTest.java index fe0c2f49088..915ceeca060 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCDynamicScopeTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCDynamicScopeTest.java @@ -237,7 +237,7 @@ public class OIDCDynamicScopeTest extends OIDCScopeTest { Tokens tokens = sendTokenRequest(loginEvent, userId, "openid email profile " + expectedRoleScopes, "test-app"); Assert.assertNames(tokens.accessToken.getRealmAccess().getRoles(), expectedRoles); - oauth.doLogout(tokens.refreshToken, "password"); + oauth.doLogout(tokens.refreshToken); events.expectLogout(tokens.idToken.getSessionState()) .client("test-app") .user(userId) 
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCScopeTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCScopeTest.java index 4ef3032d703..663ff09c507 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCScopeTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCScopeTest.java @@ -192,7 +192,7 @@ public class OIDCScopeTest extends AbstractOIDCScopeTest { assertMicroprofile(tokens.accessToken, false); // Logout - oauth.doLogout(tokens.refreshToken, "password"); + oauth.doLogout(tokens.refreshToken); events.expectLogout(idToken.getSessionState()) .client("test-app") .user(userId) @@ -306,7 +306,7 @@ public class OIDCScopeTest extends AbstractOIDCScopeTest { assertPhone(idToken, false); // Logout - oauth.doLogout(tokens.refreshToken, "password"); + oauth.doLogout(tokens.refreshToken); events.expectLogout(idToken.getSessionState()) .client("test-app") .user(userId) @@ -363,7 +363,7 @@ public class OIDCScopeTest extends AbstractOIDCScopeTest { assertPhone(idToken, false); // Logout - oauth.doLogout(tokens.refreshToken, "password"); + oauth.doLogout(tokens.refreshToken); events.expectLogout(idToken.getSessionState()) .client("third-party") .user(userId) @@ -665,7 +665,7 @@ public class OIDCScopeTest extends AbstractOIDCScopeTest { Tokens tokens = sendTokenRequest(loginEvent, userId,"openid email profile " + expectedRoleScopes, "test-app"); Assert.assertNames(tokens.accessToken.getRealmAccess().getRoles(), expectedRoles); - oauth.doLogout(tokens.refreshToken, "password"); + oauth.doLogout(tokens.refreshToken); events.expectLogout(tokens.idToken.getSessionState()) .client("test-app") .user(userId) 
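Review bot: In the `@@ -363` hunk of OIDCScopeTest the logout event is expected for client `third-party`, yet nothing in the hunk shows which client the `oauth` object is configured for now that the secret argument is gone. The one-argument `doLogout` presumably takes both client id and secret from that shared state, so the call depends on setup outside the hunk. A short comment such as `// doLogout authenticates as the client currently set on oauth (third-party here)` would record the dependency. If the client is not already selected earlier in the method, `oauth.client("third-party", "password");` before the call would make it explicit. The other three hunks in this file expect `test-app`, whose configuration is likewise set outside the hunks.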
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/UserInfoTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/UserInfoTest.java index 9bf7dcf5701..0b62dcf3392 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/UserInfoTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/UserInfoTest.java @@ -601,7 +601,7 @@ public class UserInfoTest extends AbstractKeycloakTest { org.keycloak.testsuite.util.oauth.AccessTokenResponse accessTokenResponse = loginAndForceNewLoginPage(); String refreshToken1 = accessTokenResponse.getRefreshToken(); - oauth.doLogout(refreshToken1, "password"); + oauth.doLogout(refreshToken1); events.clear(); setTimeOffset(2); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/TestAppHelper.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/TestAppHelper.java index 3eb19620b55..c8d3949ecc0 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/TestAppHelper.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/TestAppHelper.java @@ -103,7 +103,7 @@ public class TestAppHelper { public boolean logout() { try { - return oauth.doLogout(refreshToken, "password").isSuccess(); + return oauth.doLogout(refreshToken).isSuccess(); } catch (RuntimeException e) { return false; } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/webauthn/AbstractWebAuthnVirtualTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/webauthn/AbstractWebAuthnVirtualTest.java index 027563e7c98..4d077d324ca 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/webauthn/AbstractWebAuthnVirtualTest.java 
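Review bot: `logout()` in TestAppHelper now returns `oauth.doLogout(refreshToken).isSuccess()` inside `catch (RuntimeException e) { return false; }`, so callers cannot tell an unsuccessful logout response from a thrown exception, and the method carries no Javadoc saying so. With the secret no longer passed here, a wrong or missing client configuration on `oauth` would presumably surface only as `false`. I would add a Javadoc along the lines of `/** Logs out with refreshToken using the client configured on oauth; returns false on an unsuccessful response or any RuntimeException. */`. The method's closing brace is outside the hunk.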
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/webauthn/AbstractWebAuthnVirtualTest.java @@ -387,8 +387,7 @@ public abstract class AbstractWebAuthnVirtualTest extends AbstractTestRealmKeycl protected void logout() { try { waitForPageToLoad(); - String logoutUrl = oauth.getEndpoints().getLogoutBuilder().build(); - driver.navigate().to(logoutUrl); + oauth.openLogoutForm(); logoutConfirmPage.assertCurrent(); logoutConfirmPage.confirmLogout(); infoPage.assertCurrent();
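Review bot: `oauth.openLogoutForm()` replaces an explicit `driver.navigate().to(logoutUrl)`, and the hunk does not show which WebDriver the `oauth` client navigates with. The assertions that follow (`logoutConfirmPage.assertCurrent()`, `infoPage.assertCurrent()`) only hold if `oauth` drives the same browser session as this class's `driver`; that is presumably the case but is set up elsewhere. A comment such as `// oauth shares this test's WebDriver, so the confirm page opens in the same browser session` would document the assumption. The `try` block opened in this hunk is closed outside it.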